diff --git a/README.SUSE b/README.SUSE index 8a230ae..1bf2887 100644 --- a/README.SUSE +++ b/README.SUSE @@ -13,5 +13,14 @@ There are following changes in default settings of ssh client and server: either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). +* SSH protocol version 1 is enabled for maximum compatibility. + NOTE: do not use protocol version 1. It is less secure then v2 and should + generally be phased out. + +* DSA authentication is enabled by default for maximum compatibility. + NOTE: do not use DSA authentication since it is being phased out for a reason + - the size of DSA keys is limited by the standard to 1024 bits which cannot + be considered safe any more. + For more information on differences in SUSE OpenSSH package see README.FIPS diff --git a/openssh-7.2p2-X11_trusted_forwarding.patch b/openssh-7.2p2-X11_trusted_forwarding.patch index ea1353d..795433e 100644 --- a/openssh-7.2p2-X11_trusted_forwarding.patch +++ b/openssh-7.2p2-X11_trusted_forwarding.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent e75958369c26f618744c229ef1a9925d8ccb1dcb +# Parent 48bbbfeff186061b7fd4795bff15f15f571e2c8f # enable trusted X11 forwarding by default in both sshd and sshsystem-wide # configuration # bnc#50836 (was suse #35836) diff --git a/openssh-7.2p2-allow_DSS_by_default.patch b/openssh-7.2p2-allow_DSS_by_default.patch new file mode 100644 index 0000000..c1a8166 --- /dev/null +++ b/openssh-7.2p2-allow_DSS_by_default.patch @@ -0,0 +1,129 @@ +# HG changeset patch +# Parent 2730f36bee0d6e141d8391b414a702e1add5a853 +Enable DSS authentication by default to maintain compatibility with older +versions. + +bsc#983784 + +diff --git a/openssh-7.2p2/myproposal.h b/openssh-7.2p2/myproposal.h +--- a/openssh-7.2p2/myproposal.h ++++ b/openssh-7.2p2/myproposal.h +@@ -94,21 +94,23 @@ + #define KEX_CLIENT_KEX KEX_COMMON_KEX \ + "diffie-hellman-group-exchange-sha1," \ + "diffie-hellman-group14-sha1" + + #define KEX_DEFAULT_PK_ALG \ + HOSTKEY_ECDSA_CERT_METHODS \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-rsa-cert-v01@openssh.com," \ ++ "ssh-dss-cert-v01@openssh.com," \ + HOSTKEY_ECDSA_METHODS \ + "ssh-ed25519," \ + "rsa-sha2-512," \ + "rsa-sha2-256," \ +- "ssh-rsa" ++ "ssh-rsa," \ ++ "ssh-dss" + + /* the actual algorithms */ + + #define KEX_SERVER_ENCRYPT \ + "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr" \ + AESGCM_CIPHER_MODES + +diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5 +--- a/openssh-7.2p2/ssh_config.5 ++++ b/openssh-7.2p2/ssh_config.5 +@@ -887,19 +887,19 @@ Alternately if the specified value begin + character, then the specified key types will be appended to the default set + instead of replacing them. + The default for this option is: + .Bd -literal -offset 3n + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, ++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,ssh-rsa ++ssh-ed25519,ssh-rsa,ssh-dss + .Ed + .Pp + If hostkeys are known for the destination host then this default is modified + to prefer their algorithms. + .Pp + The list of available key types may also be obtained using the + .Fl Q + option of +@@ -1325,19 +1325,19 @@ Alternately if the specified value begin + character, then the key types after it will be appended to the default + instead of replacing it. + The default for this option is: + .Bd -literal -offset 3n + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, ++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,ssh-rsa ++ssh-ed25519,ssh-rsa,ssh-dss + .Ed + .Pp + The + .Fl Q + option of + .Xr ssh 1 + may be used to list supported key types. + .It Cm PubkeyAuthentication +diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5 +--- a/openssh-7.2p2/sshd_config.5 ++++ b/openssh-7.2p2/sshd_config.5 +@@ -651,19 +651,19 @@ Alternately if the specified value begin + character, then the specified key types will be appended to the default set + instead of replacing them. + The default for this option is: + .Bd -literal -offset 3n + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, ++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,ssh-rsa ++ssh-ed25519,ssh-rsa,ssh-dss + .Ed + .Pp + The + .Fl Q + option of + .Xr ssh 1 + may be used to list supported key types. + .It Cm HostbasedAuthentication +@@ -743,19 +743,19 @@ environment variable. + Specifies the host key algorithms + that the server offers. + The default for this option is: + .Bd -literal -offset 3n + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + ssh-ed25519-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, ++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,ssh-rsa ++ssh-ed25519,ssh-rsa,ssh-dss + .Ed + .Pp + The list of available key types may also be obtained using the + .Fl Q + option of + .Xr ssh 1 + with an argument of + .Dq key . diff --git a/openssh-7.2p2-allow_root_password_login.patch b/openssh-7.2p2-allow_root_password_login.patch index c3ac349..884f785 100644 --- a/openssh-7.2p2-allow_root_password_login.patch +++ b/openssh-7.2p2-allow_root_password_login.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent dff5e86b989543049cc51bb57e75a63c1942cda3 +# Parent 8cf6984812ab2211ce60c0a9156892b3a7ee3aaf Allow root login with password by default. While less secure than upstream default of forbidding access to the root account with a password, we are temporarily introducing this change to keep the default used in older OpenSSH diff --git a/openssh-7.2p2-blocksigalrm.patch b/openssh-7.2p2-blocksigalrm.patch index fdc1fe1..16970d5 100644 --- a/openssh-7.2p2-blocksigalrm.patch +++ b/openssh-7.2p2-blocksigalrm.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent a80e23747c8fbba7302c5a7ccb6b206d96093e42 +# Parent 5469eb754184144e42c341ccc038309e2880cadc block SIGALRM while logging through syslog to prevent deadlocks (through grace_alarm_handler()) diff --git a/openssh-7.2p2-disable_short_DH_parameters.patch b/openssh-7.2p2-disable_short_DH_parameters.patch index 8f3ef15..ddd6ae4 100644 --- a/openssh-7.2p2-disable_short_DH_parameters.patch +++ b/openssh-7.2p2-disable_short_DH_parameters.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 7e46491ef372d47617499c58acf2ea66216858d2 +# Parent c924f46e3639b3646e42dd7505c206d43d7180fa Raise minimal size of DH group parameters to 2048 bits like upstream did in 7.2. 1024b values are believed to be in breaking range for state adversaries diff --git a/openssh-7.2p2-dont_use_pthreads_in_PAM.patch b/openssh-7.2p2-dont_use_pthreads_in_PAM.patch index dc2abf2..b1027e6 100644 --- a/openssh-7.2p2-dont_use_pthreads_in_PAM.patch +++ b/openssh-7.2p2-dont_use_pthreads_in_PAM.patch @@ -1,7 +1,8 @@ # HG changeset patch -# Parent 779a907d59d4907d10a8f0b3f52a38d8bdf115b6 +# Parent 2aa634b7522f34ddbd380c96df4e750df0608604 # posix threads are generally not supported nor safe # (see upstream log from 2005-05-24) +# --used to be called '-pam-fix3' diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c --- a/openssh-7.2p2/auth-pam.c diff --git a/openssh-7.2p2-eal3.patch b/openssh-7.2p2-eal3.patch index 49e8b7b..7d8c4e3 100644 --- a/openssh-7.2p2-eal3.patch +++ b/openssh-7.2p2-eal3.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 8a9b47df710e3a0bbea4af0f9274bb175944a8a9 +# Parent bbb49b3f344cf24e9bbd7eb7a7c40fea21be77eb fix paths and references in sshd man pages diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8 diff --git a/openssh-7.2p2-enable_PAM_by_default.patch b/openssh-7.2p2-enable_PAM_by_default.patch index 14530a1..bd3eba5 100644 --- a/openssh-7.2p2-enable_PAM_by_default.patch +++ b/openssh-7.2p2-enable_PAM_by_default.patch @@ -1,7 +1,8 @@ # HG changeset patch -# Parent 40536816550c893d5ee67f90f3a917e79f73a163 +# Parent 477d43e9a3889d36b58ff19cf3cb9583e1abf9ce # force PAM in defaullt install (this was removed from upstream in 3.8p1) # bnc#46749 +# --used to be called '-pam-fix2' diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config --- a/openssh-7.2p2/sshd_config diff --git a/openssh-7.2p2-hostname_changes_when_forwarding_X.patch b/openssh-7.2p2-hostname_changes_when_forwarding_X.patch index 6e24097..493bdfe 100644 --- a/openssh-7.2p2-hostname_changes_when_forwarding_X.patch +++ b/openssh-7.2p2-hostname_changes_when_forwarding_X.patch @@ -1,5 +1,6 @@ # HG changeset patch -# Parent d5e9457ee640bdd816edb9c67792cddb00c229b9 +# Parent b5245fb016a3b83611d4b4ae0c1fe3423cadd6fe +# -- uset do be called '-xauthlocalhostname' handle hostname changes when forwarding X bnc#98627 diff --git a/openssh-7.2p2-lastlog.patch b/openssh-7.2p2-lastlog.patch index 31398d1..45969c5 100644 --- a/openssh-7.2p2-lastlog.patch +++ b/openssh-7.2p2-lastlog.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 9b5b0f2772591aaeb0ecd4c982a9d64242ed6c8b +# Parent 2ee086fa64dd40d0d50b13fa3a784717bfdd7e4b # set uid for functions that use it to seek in lastlog and wtmp files # bnc#18024 (was suse #3024) diff --git a/openssh-7.2p2-pam_check_locks.patch b/openssh-7.2p2-pam_check_locks.patch index e222ebf..d99fd58 100644 --- a/openssh-7.2p2-pam_check_locks.patch +++ b/openssh-7.2p2-pam_check_locks.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 9b211a1de83fa39e4b7bb36c8bd1b5fdc2bd8085 +# Parent 5b217a9abc32fa963a125ae29c766c015db53bde new option UsePAMCheckLocks to enforce checking for locked accounts while UsePAM is used diff --git a/openssh-7.2p2-pts_names_formatting.patch b/openssh-7.2p2-pts_names_formatting.patch index dc31981..72420cb 100644 --- a/openssh-7.2p2-pts_names_formatting.patch +++ b/openssh-7.2p2-pts_names_formatting.patch @@ -1,7 +1,8 @@ # HG changeset patch -# Parent 94fb9a9ff763462af43304fc73c2913a07829226 +# Parent 870f97b01b9ed00bac9ff0b8014a998434a6161b # use same lines naming as utempter (prevents problems with using different # formats in ?tmp? files) +# --used to be called '-pts' diff --git a/openssh-7.2p2/loginrec.c b/openssh-7.2p2/loginrec.c --- a/openssh-7.2p2/loginrec.c diff --git a/openssh-7.2p2-remove_xauth_cookies_on_exit.patch b/openssh-7.2p2-remove_xauth_cookies_on_exit.patch index cf75750..838d356 100644 --- a/openssh-7.2p2-remove_xauth_cookies_on_exit.patch +++ b/openssh-7.2p2-remove_xauth_cookies_on_exit.patch @@ -1,5 +1,6 @@ # HG changeset patch -# Parent c7d5ac7548d3bc695559aee7e28569e422b6aadf +# Parent 07998e381c9867b8b6f7b9205261811934bef40f +# --used to be called '-xauth' try to remove xauth cookies on logout bnc#98815 diff --git a/openssh-7.2p2-seccomp_getuid.patch b/openssh-7.2p2-seccomp_getuid.patch index ed4e9de..45c7b13 100644 --- a/openssh-7.2p2-seccomp_getuid.patch +++ b/openssh-7.2p2-seccomp_getuid.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 4f03a27aa55b0beebf232844353779e182cd2497 +# Parent 3582dd949a01d8eca2816986ca4bc0c87c96bed3 add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread from being killed by the seccomp filter diff --git a/openssh-7.2p2-seccomp_stat.patch b/openssh-7.2p2-seccomp_stat.patch index fa13564..d0d637c 100644 --- a/openssh-7.2p2-seccomp_stat.patch +++ b/openssh-7.2p2-seccomp_stat.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent 51a94ce61ff5c6908d747d8bc5806e18c6f5c114 +# Parent d3afe6b01f8769713bde6c175e29a50412799e27 Allow the stat() syscall for OpenSSL re-seed patch (which causes OpenSSL use stat() on some file) diff --git a/openssh-7.2p2-send_locale.patch b/openssh-7.2p2-send_locale.patch index 226a55d..025aac1 100644 --- a/openssh-7.2p2-send_locale.patch +++ b/openssh-7.2p2-send_locale.patch @@ -1,5 +1,5 @@ # HG changeset patch -# Parent fdeedfd2266d642837d86b9b7b3cdc6c00e9535d +# Parent 505927e61d1a7848f0003adb3619cc726b8e5d15 send locales in default configuration bnc#65747 diff --git a/openssh.changes b/openssh.changes index 7e5651c..12fa7e1 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Jun 7 16:52:45 UTC 2016 - pcerny@suse.com + +- enable support for SSHv1 protocol and discourage its usage + (bsc#983307) +- enable DSA by default for backward compatibility and discourage + its usage (bsc#983784) + [openssh-7.2p2-allow_DSS_by_default.patch] + ------------------------------------------------------------------- Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com @@ -41,7 +50,499 @@ Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com ------------------------------------------------------------------- Fri May 27 23:27:51 UTC 2016 - pcerny@suse.com -- upgrade to 7.2p2 - upstream package without any SUSE patches +- upgrade to 7.2p2 + upstream package without any SUSE patches + Distilled upstream log: +- OpenSSH 6.7 + Potentially-incompatible changes: + * sshd(8): The default set of ciphers and MACs has been + altered to remove unsafe algorithms. In particular, CBC + ciphers and arcfour* are disabled by default. + The full set of algorithms remains available if configured + explicitly via the Ciphers and MACs sshd_config options. + * sshd(8): Support for tcpwrappers/libwrap has been removed. + * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of + connections using the curve25519-sha256@libssh.org KEX + exchange method to fail when connecting with something that + implements the specification correctly. OpenSSH 6.7 disables + this KEX method when speaking to one of the affected + versions. + New Features: + * ssh(1), sshd(8): Add support for Unix domain socket + forwarding. A remote TCP port may be forwarded to a local + Unix domain socket and vice versa or both ends may be a Unix + domain socket. + * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for + ED25519 key types. + * sftp(1): Allow resumption of interrupted uploads. + * ssh(1): When rekeying, skip file/DNS lookups of the hostkey + if it is the same as the one sent during initial key exchange + * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind + addresses when GatewayPorts=no; allows client to choose + address family + * sshd(8): Add a sshd_config PermitUserRC option to control + whether ~/.ssh/rc is executed, mirroring the no-user-rc + authorized_keys option + * ssh(1): Add a %C escape sequence for LocalCommand and + ControlPath that expands to a unique identifer based on a + hash of the tuple of (local host, remote user, hostname, + port). Helps avoid exceeding miserly pathname limits for Unix + domain sockets in multiplexing control paths + * sshd(8): Make the "Too many authentication failures" message + include the user, source address, port and protocol in a + format similar to the authentication success / failure + messages + Bugfixes: + * sshd(8): Fix remote forwarding with the same listen port but + different listen address. + * ssh(1): Fix inverted test that caused PKCS#11 keys that were + explicitly listed in ssh_config or on the commandline not to + be preferred. + * ssh-keygen(1): Fix bug in KRL generation: multiple + consecutive revoked certificate serial number ranges could be + serialised to an invalid format. Readers of a broken KRL + caused by this bug will fail closed, so no + should-have-been-revoked key will be accepted. + * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") + failures in exit status. Previously we were always returning 0 + * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly + in the randomart border + * ssh-agent(1): Only cleanup agent socket in the main agent + process and not in any subprocesses it may have started (e.g. + forked askpass). Fixes agent sockets being zapped when + askpass processes fatal() + * ssh-add(1): Make stdout line-buffered; saves partial output + getting lost when ssh-add fatal()s part-way through (e.g. + when listing keys from an agent that supports key types that + ssh-add doesn't) + * ssh-keygen(1): When hashing or removing hosts, don't choke on + @revoked markers and don't remove @cert-authority markers + * ssh(1): Don't fatal when hostname canonicalisation fails and + a ProxyCommand is in use; continue and allow the ProxyCommand + to connect anyway (e.g. to a host with a name outside the DNS + behind a bastion) + * scp(1): When copying local->remote fails during read, don't + send uninitialised heap to the remote end. + * sftp(1): Fix fatal "el_insertstr failed" errors when + tab-completing filenames with a single quote char somewhere + in the string + * ssh-keyscan(1): Scan for Ed25519 keys by default. + * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, + down-convert any certificate keys to plain keys and attempt + SSHFP resolution. Prevents a server from skipping SSHFP + lookup and forcing a new-hostkey dialog by offering only + certificate keys. +- OpenSSH 6.8 + Potentially-incompatible changes: + * sshd(8): UseDNS now defaults to 'no'. Configurations that + match against the client host name (via sshd_config or + authorized_keys) may need to re-enable it or convert to + matching against addresses. + New Features: + * Add FingerprintHash option to ssh(1) and sshd(8), and + equivalent command-line flags to the other tools to control + algorithm used for key fingerprints. The default changes from + MD5 to SHA256 and format from hex to base64. + Fingerprints now have the hash algorithm prepended. An + example of the new format: + SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please + note that visual host keys will also be different. + * ssh(1), sshd(8): Experimental host key rotation support. Add + a protocol extension for a server to inform a client of all + its available host keys after authentication has completed. + The client may record the keys in known_hosts, allowing it to + upgrade to better host key algorithms and a server to + gracefully rotate its keys. + The client side of this is controlled by a UpdateHostkeys + config option (default off). + * ssh(1): Add a ssh_config HostbasedKeyType option to control + which host public key types are tried during host-based + authentication. + * ssh(1), sshd(8): fix connection-killing host key mismatch + errors when sshd offers multiple ECDSA keys of different + lengths. + * ssh(1): when host name canonicalisation is enabled, try to + parse host names as addresses before looking them up for + canonicalisation. fixes bz#2074 and avoiding needless DNS + lookups in some cases. + * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer + require OpenSSH to be compiled with OpenSSL support. + * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based + authentication. + * sshd(8): SSH protocol v.1 workaround for the Meyer, et al, + Bleichenbacher Side Channel Attack. Fake up a bignum key + before RSA decryption. + * sshd(8): Remember which public keys have been used for + authentication and refuse to accept previously-used keys. + This allows AuthenticationMethods=publickey,publickey to + require that users authenticate using two _different_ public + keys. + * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and + PubkeyAcceptedKeyTypes options to allow sshd to control what + public key types will be accepted. Currently defaults to all. + * sshd(8): Don't count partial authentication success as a + failure against MaxAuthTries. + * ssh(1): Add RevokedHostKeys option for the client to allow + text-file or KRL-based revocation of host keys. + * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates + by serial number or key ID without scoping to a particular + CA. + * ssh(1): Add a "Match canonical" criteria that allows + ssh_config Match blocks to trigger only in the second config + pass. + * ssh(1): Add a -G option to ssh that causes it to parse its + configuration and dump the result to stdout, similar to + "sshd -T". + * ssh(1): Allow Match criteria to be negated. + E.g. "Match !host". + * The regression test suite has been extended to cover more + OpenSSH features. The unit tests have been expanded and now + cover key exchange. + Bugfixes: + * ssh-keyscan(1): ssh-keyscan has been made much more robust + again servers that hang or violate the SSH protocol. + * ssh(1), ssh-keygen(1): Fix regression: Key path names were + being lost as comment fields. + * ssh(1): Allow ssh_config Port options set in the second + config parse phase to be applied (they were being ignored). + * ssh(1): Tweak config re-parsing with host canonicalisation - make + the second pass through the config files always run when host name + canonicalisation is enabled (and not whenever the host name + changes) + * ssh(1): Fix passing of wildcard forward bind addresses when + connection multiplexing is in use + * ssh-keygen(1): Fix broken private key conversion from + non-OpenSSH formats. + * ssh-keygen(1): Fix KRL generation bug when multiple CAs are + in use. + * Various fixes to manual pages +- OpenSSH 6.9 + Security: + * ssh(1): when forwarding X11 connections with + ForwardX11Trusted=no, connections made after + ForwardX11Timeout expired could be permitted and no longer + subject to XSECURITY restrictions because of an ineffective + timeout check in ssh(1) coupled with "fail open" behaviour in + the X11 server when clients attempted connections with + expired credentials. This problem was reported by Jann Horn. + * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to + password guessing by implementing an increasing failure + delay, storing a salted hash of the password rather than the + password itself and using a timing-safe comparison function + for verifying unlock attempts. This problem was reported by + Ryan Castellucci. + New Features: + * ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be + the default cipher + * sshd(8): support admin-specified arguments to + AuthorizedKeysCommand + * sshd(8): add AuthorizedPrincipalsCommand that allows + retrieving authorized principals information from a + subprocess rather than a file. + * ssh(1), ssh-add(1): support PKCS#11 devices with external PIN + entry devices + * sshd(8): allow GSSAPI host credential check to be relaxed for + multihomed hosts via GSSAPIStrictAcceptorCheck option + * ssh-keygen(1): support "ssh-keygen -lF hostname" to search + known_hosts and print key hashes rather than full keys. + * ssh-agent(1): add -D flag to leave ssh-agent in foreground + without enabling debug mode + Bugfixes: + * ssh(1), sshd(8): deprecate legacy + SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use + it against some 3rd-party SSH implementations that use it + (older PuTTY, WinSCP). + * Many fixes for problems caused by compile-time deactivation + of SSH1 support (including bz#2369) + * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco + implementations as some would fail when attempting to use + group sizes >4K + * ssh(1): fix out-of-bound read in EscapeChar configuration + option parsing + * sshd(8): fix application of PermitTunnel, LoginGraceTime, + AuthenticationMethods and StreamLocalBindMask options in + Match blocks + * ssh(1), sshd(8): improve disconnection message on TCP reset; + bz#2257 + * ssh(1): remove failed remote forwards established by + muliplexing from the list of active forwards + * sshd(8): make parsing of authorized_keys "environment=" + options independent of PermitUserEnv being enabled + * sshd(8): fix post-auth crash with permitopen=none + * ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private + keys to be encrypted with AEAD ciphers + * ssh(1): allow ListenAddress, Port and AddressFamily + configuration options to appear in any order + * sshd(8): check for and reject missing arguments for + VersionAddendum and ForceCommand + * ssh(1), sshd(8): don't treat unknown certificate extensions + as fatal + * ssh-keygen(1): make stdout and stderr output consistent + * ssh(1): mention missing DISPLAY environment in debug log when + X11 forwarding requested + * sshd(8): correctly record login when UseLogin is set + * sshd(8): Add some missing options to sshd -T output and fix + output of VersionAddendum and HostCertificate. bz#2346 + * Document and improve consistency of options that accept a + "none" argument" TrustedUserCAKeys, RevokedKeys (bz#2382), + AuthorizedPrincipalsFile (bz#2288) + * ssh(1): include remote username in debug output + * sshd(8): avoid compatibility problem with some versions of + Tera Term, which would crash when they received the hostkeys + notification message (hostkeys-00@openssh.com) + * sshd(8): mention ssh-keygen -E as useful when comparing + legacy MD5 host key fingerprints + * ssh(1): clarify pseudo-terminal request behaviour and use + make manual language consistent + * ssh(1): document that the TERM environment variable is not + subject to SendEnv and AcceptEnv +- OpenSSH 7.0: + This focuses primarily on deprecating weak, legacy and/or + unsafe cryptography. + Security: + * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be + world- writable. Local attackers may be able to write + arbitrary messages to logged-in users, including terminal + escape sequences. Reported by Nikolay Edigaryev. + * sshd(8): Portable OpenSSH only: Fixed a privilege separation + weakness related to PAM support. Attackers who could + successfully compromise the pre-authentication process for + remote code execution and who had valid credentials on the + host could impersonate other users. Reported by Moritz + Jodeit. + * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug + related to PAM support that was reachable by attackers who + could compromise the pre-authentication process for remote + code execution. Also reported by Moritz Jodeit. + * sshd(8): fix circumvention of MaxAuthTries using keyboard- + interactive authentication. By specifying a long, repeating + keyboard-interactive "devices" string, an attacker could + request the same authentication method be tried thousands of + times in a single pass. The LoginGraceTime timeout in sshd(8) + and any authentication failure delays implemented by the + authentication mechanism itself were still applied. Found by + Kingcope. + Potentially-incompatible Changes: + * Support for the legacy SSH version 1 protocol is disabled by + default at compile time. + * Support for the 1024-bit diffie-hellman-group1-sha1 key + exchange is disabled by default at run-time. It may be + re-enabled using the instructions in README.legacy or + http://www.openssh.com/legacy.html + * Support for ssh-dss, ssh-dss-cert-* host and user keys is + disabled by default at run-time. These may be re-enabled + using the instructions at http://www.openssh.com/legacy.html + * Support for the legacy v00 cert format has been removed. + * The default for the sshd_config(5) PermitRootLogin option has + changed from "yes" to "prohibit-password". + * PermitRootLogin=without-password/prohibit-password now bans + all interactive authentication methods, allowing only + public-key, hostbased and GSSAPI authentication (previously + it permitted keyboard-interactive and password-less + authentication if those were enabled). + New Features: + * ssh_config(5): add PubkeyAcceptedKeyTypes option to control + which public key types are available for user authentication. + * sshd_config(5): add HostKeyAlgorithms option to control which + public key types are offered for host authentications. + * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, + HostKeyAlgorithms, PubkeyAcceptedKeyTypes and + HostbasedKeyTypes options to allow appending to the default + set of algorithms instead of replacing it. Options may now be + prefixed with a '+' to append to the default, e.g. + "HostKeyAlgorithms=+ssh-dss". + * sshd_config(5): PermitRootLogin now accepts an argument of + 'prohibit-password' as a less-ambiguous synonym of 'without- + password'. + Bugfixes: + * ssh(1), sshd(8): add compatability workarounds for Cisco and + more PuTTY versions. + * Fix some omissions and errors in the PROTOCOL and + PROTOCOL.mux documentation relating to Unix domain socket + forwarding + * ssh(1): Improve the ssh(1) manual page to include a better + description of Unix domain socket forwarding + * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, + fixing failures to load keys when they are present. + * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that + wth empty CKA_ID + * sshd(8): clarify documentation for UseDNS option +- OpenSSH 7.1: + Security: + * sshd(8): OpenSSH 7.0 contained a logic error in + PermitRootLogin= prohibit-password/without-password that + could, depending on compile-time configuration, permit + password authentication to root while preventing other forms + of authentication. This problem was reported by Mantas + Mikulenas. + Bugfixes: + * ssh(1), sshd(8): add compatability workarounds for FuTTY + * ssh(1), sshd(8): refine compatability workarounds for WinSCP + * Fix a number of memory faults (double-free, free of + uninitialised memory, etc) in ssh(1) and ssh-keygen(1). + Reported by Mateusz Kocielski. +- OpenSSH 7.1p2: + * SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1 + contains experimential support for resuming SSH-connections + (roaming). + The matching server code has never been shipped, but the + client code was enabled by default and could be tricked by a + malicious server into leaking client memory to the server, + including private client user keys. + The authentication of the server host key prevents + exploitation by a man-in-the-middle, so this information leak + is restricted to connections to malicious or compromised + servers. + MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the + client can be completely disabled by adding 'UseRoaming no' + to the gobal ssh_config(5) file, or to user configuration in + ~/.ssh/config, or by passing -oUseRoaming=no on the command + line. + PATCH: See below for a patch to disable this feature + (Disabling Roaming in the Source Code). + This problem was reported by the Qualys Security Advisory + team. + * SECURITY: Eliminate the fallback from untrusted + X11-forwarding to trusted forwarding for cases when the X + server disables the SECURITY extension. Reported by Thomas + Hoger. + * SECURITY: Fix an out of-bound read access in the packet + handling code. Reported by Ben Hawkes. + * PROTOCOL: Correctly interpret the 'first_kex_follows' option + during the intial key exchange. Reported by Matt Johnston. + * Further use of explicit_bzero has been added in various + buffer handling code paths to guard against compilers + aggressively doing dead-store removal. + Potentially-incompatible changes: + * This release disables a number of legacy cryptographic + algorithms by default in ssh: + + Several ciphers blowfish-cbc, cast128-cbc, all arcfour + variants and the rijndael-cbc aliases for AES. + + MD5-based and truncated HMAC algorithms. +- OpenSSH 7.2: + Security: + * ssh(1), sshd(8): remove unfinished and unused roaming code + (was already forcibly disabled in OpenSSH 7.1p2). + * ssh(1): eliminate fallback from untrusted X11 forwarding to + trusted forwarding when the X server disables the SECURITY + extension. + * ssh(1), sshd(8): increase the minimum modulus size supported + for diffie-hellman-group-exchange to 2048 bits. + * sshd(8): pre-auth sandboxing is now enabled by default + (previous releases enabled it for new installations via + sshd_config). + New Features: + * all: add support for RSA signatures using SHA-256/512 hash + algorithms based on draft-rsa-dsa-sha2-256-03.txt and + draft-ssh-ext-info-04.txt. + * ssh(1): Add an AddKeysToAgent client option which can be set + to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. + When enabled, a private key that is used during + authentication will be added to ssh-agent if it is running + (with confirmation enabled if set to 'confirm'). + * sshd(8): add a new authorized_keys option "restrict" that + includes all current and future key restrictions + (no-*-forwarding, etc.). Also add permissive versions of the + existing restrictions, e.g. "no-pty" -> "pty". This + simplifies the task of setting up restricted keys and ensures + they are maximally-restricted, regardless of any permissions + we might implement in the future. + * ssh(1): add ssh_config CertificateFile option to explicitly + list certificates. bz#2436 + * ssh-keygen(1): allow ssh-keygen to change the key comment for + all supported formats. + * ssh-keygen(1): allow fingerprinting from standard input, e.g. + "ssh-keygen -lf -" + * ssh-keygen(1): allow fingerprinting multiple public keys in a + file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319 + * sshd(8): support "none" as an argument for sshd_config + Foreground and ChrootDirectory. Useful inside Match blocks to + override a global default. bz#2486 + * ssh-keygen(1): support multiple certificates (one per line) + and reading from standard input (using "-f -") for + "ssh-keygen -L" + * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow + fetching certificates instead of plain keys. + * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org') + in hostname canonicalisation - treat them as already + canonical and remove the trailing '.' before matching + ssh_config. + Bugfixes: + * sftp(1): existing destination directories should not + terminate recursive uploads (regression in openssh 6.8) + * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED + replies to unexpected messages during key exchange. + * ssh(1): refuse attempts to set ConnectionAttempts=0, which + does not make sense and would cause ssh to print an + uninitialised stack variable. + * ssh(1): fix errors when attempting to connect to scoped IPv6 + addresses with hostname canonicalisation enabled. + * sshd_config(5): list a couple more options usable in Match + blocks. + * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match + block. + * ssh(1): expand tilde characters in filenames passed to -i + options before checking whether or not the identity file + exists. Avoids confusion for cases where shell doesn't expand + (e.g. "-i ~/file" vs. "-i~/file"). + * ssh(1): do not prepend "exec" to the shell command run by + "Match exec" in a config file, which could cause some + commands to fail in certain environments. + * ssh-keyscan(1): fix output for multiple hosts/addrs on one + line when host hashing or a non standard port is in use + * sshd(8): skip "Could not chdir to home directory" message + when ChrootDirectory is active. + * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump. + * sshd(8): avoid changing TunnelForwarding device flags if they + are already what is needed; makes it possible to use tun/tap + networking as non-root user if device permissions and + interface flags are pre-established + * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet. + * ssh(1): fix multiplexing master failure to notice client + exit. + * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that + present empty key IDs. + * sshd(8): avoid printf of NULL argument. + * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. + * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL + signature support. + * ssh(1), sshd(8): fix connections with peers that use the key + exchange guess feature of the protocol. + * sshd(8): include remote port number in log messages. + * ssh(1): don't try to load SSHv1 private key when compiled + without SSHv1 support. + * ssh-agent(1), ssh(1): fix incorrect error messages during key + loading and signing errors. + * ssh-keygen(1): don't leave empty temporary files when + performing known_hosts file edits when known_hosts doesn't + exist. + * sshd(8): correct packet format for tcpip-forward replies for + requests that don't allocate a port + * ssh(1), sshd(8): fix possible hang on closed output. + * ssh(1): expand %i in ControlPath to UID. + * ssh(1), sshd(8): fix return type of openssh_RSA_verify. + * ssh(1), sshd(8): fix some option parsing memory leaks. + * ssh(1): add a some debug output before DNS resolution; it's a + place where ssh could previously silently stall in cases of + unresponsive DNS servers. + * ssh(1): remove spurious newline in visual hostkey. + * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+... + * ssh(1): fix expansion of HostkeyAlgorithms=+... + Documentation: + * ssh_config(5), sshd_config(5): update default algorithm lists + to match current reality. + * ssh(1): mention -Q key-plain and -Q key-cert query options. + * sshd_config(8): more clearly describe what + AuthorizedKeysFile=none does. + * ssh_config(5): better document ExitOnForwardFailure. + * sshd(5): mention internal DH-GEX fallback groups in manual. + * sshd_config(5): better description for MaxSessions option. + Portability: + * sshd(8): fix multiple authentication using S/Key. +- OpenSSH 7.2p2: + Security: + * sshd(8): sanitise X11 authentication credentials to avoid + xauth command injection when X11Forwarding is enabled. (removing patches from previous version: * CVE-2016-0777_CVE-2016-0778.patch * openssh-6.6p1-X11-forwarding.patch diff --git a/openssh.spec b/openssh.spec index a6c7353..f4737a7 100644 --- a/openssh.spec +++ b/openssh.spec @@ -109,20 +109,21 @@ Source10: sshd.service Source11: README.FIPS Source12: cavs_driver-ssh.pl Patch00: openssh-7.2p2-allow_root_password_login.patch -Patch01: openssh-7.2p2-X11_trusted_forwarding.patch -Patch02: openssh-7.2p2-lastlog.patch -Patch03: openssh-7.2p2-enable_PAM_by_default.patch -Patch04: openssh-7.2p2-dont_use_pthreads_in_PAM.patch -Patch05: openssh-7.2p2-eal3.patch -Patch06: openssh-7.2p2-blocksigalrm.patch -Patch07: openssh-7.2p2-send_locale.patch -Patch08: openssh-7.2p2-hostname_changes_when_forwarding_X.patch -Patch09: openssh-7.2p2-remove_xauth_cookies_on_exit.patch -Patch10: openssh-7.2p2-pts_names_formatting.patch -Patch11: openssh-7.2p2-pam_check_locks.patch -Patch12: openssh-7.2p2-disable_short_DH_parameters.patch -Patch13: openssh-7.2p2-seccomp_getuid.patch -Patch14: openssh-7.2p2-seccomp_stat.patch +Patch01: openssh-7.2p2-allow_DSS_by_default.patch +Patch02: openssh-7.2p2-X11_trusted_forwarding.patch +Patch03: openssh-7.2p2-lastlog.patch +Patch04: openssh-7.2p2-enable_PAM_by_default.patch +Patch05: openssh-7.2p2-dont_use_pthreads_in_PAM.patch +Patch06: openssh-7.2p2-eal3.patch +Patch07: openssh-7.2p2-blocksigalrm.patch +Patch08: openssh-7.2p2-send_locale.patch +Patch09: openssh-7.2p2-hostname_changes_when_forwarding_X.patch +Patch10: openssh-7.2p2-remove_xauth_cookies_on_exit.patch +Patch11: openssh-7.2p2-pts_names_formatting.patch +Patch12: openssh-7.2p2-pam_check_locks.patch +Patch13: openssh-7.2p2-disable_short_DH_parameters.patch +Patch14: openssh-7.2p2-seccomp_getuid.patch +Patch15: openssh-7.2p2-seccomp_stat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Conflicts: nonfreessh Recommends: audit @@ -189,6 +190,7 @@ FIPS140 CAVS tests related parts of the OpenSSH package %patch12 -p2 %patch13 -p2 %patch14 -p2 +%patch15 -p2 cp %{SOURCE3} %{SOURCE4} %{SOURCE11} . %build @@ -241,6 +243,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS %if %{needs_libedit} --with-libedit \ %endif + --with-ssh1 \ --target=%{_target_cpu}-suse-linux \ ### configure end