Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
* No changes for askpass, see main package changelog for
details.
- Update to openssh 9.6p1:
= Security
* ssh(1), sshd(8): implement protocol extensions to thwart the
so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts. A peer SSH client/server
would not be able to detect that messages were deleted.
* ssh-agent(1): when adding PKCS#11-hosted private keys while
specifying destination constraints, if the PKCS#11 token returned
multiple keys then only the first key had the constraints applied.
Use of regular private keys, FIDO tokens and unconstrained keys
are unaffected.
* ssh(1): if an invalid user or hostname that contained shell
metacharacters was passed to ssh(1), and a ProxyCommand,
LocalCommand directive or "match exec" predicate referenced the
user or hostname via %u, %h or similar expansion token, then
an attacker who could supply arbitrary user/hostnames to ssh(1)
could potentially perform command injection depending on what
quoting was present in the user-supplied ssh_config(5) directive.
= Potentially incompatible changes
* ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
a TCP-like window mechanism that limits the amount of data that
can be sent without acceptance from the peer. In cases where this
OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 19:43:17 +01:00
Index: openssh-9.6p1/openbsd-compat/port-linux-sshd.c
2023-11-28 17:35:34 +01:00
===================================================================
--- openssh-9.6p1.orig/openbsd-compat/port-linux-sshd.c
+++ openssh-9.6p1/openbsd-compat/port-linux-sshd.c
2023-11-28 17:35:34 +01:00
@@ -33,6 +33,7 @@
#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
#include "servconf.h"
#include "port-linux.h"
+#include "misc.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
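Review bot: The added `#include "misc.h"` is redundant: misc.h is already included two lines above it, in the context line that carries the servconf.h comment, so this hunk leaves the same header listed twice in the include block. Include guards make the duplicate harmless, but the hunk should simply be dropped rather than merged as-is. If the motivation was to guarantee strdelim() for the new function added further down this file, the existing include already provides it.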
@@ -451,7 +452,7 @@ sshd_selinux_setup_exec_context(char *pw
void
sshd_selinux_copy_context(void)
{
- security_context_t *ctx;
+ char *ctx;
|
|
|
|
|
|
|
|
if (!sshd_selinux_enabled())
return;
@@ -470,6 +471,72 @@ sshd_selinux_copy_context(void)
}
}
|
|
|
|
|
|
|
|
+void
+sshd_selinux_change_privsep_preauth_context(void)
+{
+ int len;
+ char line[1024], *preauth_context = NULL, *cp, *arg;
+ const char *contexts_path;
+ FILE *contexts_file;
+ struct stat sb;
+
+ contexts_path = selinux_openssh_contexts_path();
+ if (contexts_path == NULL) {
+ debug3_f("Failed to get the path to SELinux context");
+ return;
+ }
+
+ if ((contexts_file = fopen(contexts_path, "r")) == NULL) {
+ debug_f("Failed to open SELinux context file");
+ return;
+ }
+
+ if (fstat(fileno(contexts_file), &sb) != 0 ||
+ sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
+ logit_f("SELinux context file needs to be owned by root"
+ " and not writable by anyone else");
+ fclose(contexts_file);
+ return;
+ }
+
+ while (fgets(line, sizeof(line), contexts_file)) {
+ /* Strip trailing whitespace */
+ for (len = strlen(line) - 1; len > 0; len--) {
+ if (strchr(" \t\r\n", line[len]) == NULL)
+ break;
+ line[len] = '\0';
+ }
+
+ if (line[0] == '\0')
+ continue;
+
+ cp = line;
+ arg = strdelim(&cp);
+ if (arg && *arg == '\0')
+ arg = strdelim(&cp);
+
+ if (arg && strcmp(arg, "privsep_preauth") == 0) {
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0') {
+ debug_f("privsep_preauth is empty");
+ fclose(contexts_file);
+ return;
+ }
+ preauth_context = xstrdup(arg);
+ }
+ }
+ fclose(contexts_file);
+
+ if (preauth_context == NULL) {
+ debug_f("Unable to find 'privsep_preauth' option in"
+ " SELinux context file");
+ return;
+ }
+
+ ssh_selinux_change_context(preauth_context);
+ free(preauth_context);
+}
+
#endif
#endif
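Review bot: Every early exit in the new sshd_selinux_change_privsep_preauth_context() leaves the pre-auth child in the parent's SELinux domain: when selinux_openssh_contexts_path() returns NULL, fopen() fails, the ownership/mode check fails, the `privsep_preauth` value is empty, or the key is absent, the function returns without ever calling ssh_selinux_change_context(), and all of those except the permission failure are logged only at debug level. The sshd.c call site this replaces requested `sshd_net_t` unconditionally, so a missing or mis-packaged contexts file now silently drops the domain transition that confined the unauthenticated, network-facing process. I would route the exits through a common tail that falls back to the previous hard-coded domain and logs that fallback at logit level, as sketched below; whether ssh_selinux_change_context() itself reports a failed setcon() is outside this hunk and should be confirmed. Separately, the `privsep_preauth` match assigns `preauth_context = xstrdup(arg)` on every repeated key, leaking the earlier copy; `free(preauth_context);` immediately before that `xstrdup(arg)` fixes it.
```c
void
sshd_selinux_change_privsep_preauth_context(void)
{
	/* … unchanged: locals, contexts-path lookup, fopen(), fstat() check,
	 * parse loop — every early `return` above becomes `goto out` … */
 out:
	if (preauth_context == NULL) {
		logit_f("no usable 'privsep_preauth' entry in SELinux "
		    "contexts file; falling back to sshd_net_t");
		preauth_context = xstrdup("sshd_net_t");
	}
	ssh_selinux_change_context(preauth_context);
	free(preauth_context);
}
```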
|
|
|
|
|
Index: openssh-9.6p1/openbsd-compat/port-linux.h
2023-11-28 17:35:34 +01:00
===================================================================
--- openssh-9.6p1.orig/openbsd-compat/port-linux.h
+++ openssh-9.6p1/openbsd-compat/port-linux.h
2023-11-28 17:35:34 +01:00
@@ -27,6 +27,7 @@ int sshd_selinux_enabled(void);
void sshd_selinux_copy_context(void);
void sshd_selinux_setup_exec_context(char *);
int sshd_selinux_setup_env_variables(void);
+void sshd_selinux_change_privsep_preauth_context(void);
#endif
|
|
|
|
|
|
|
|
#ifdef LINUX_OOM_ADJUST
Index: openssh-9.6p1/sshd.c
2023-11-28 17:35:34 +01:00
===================================================================
--- openssh-9.6p1.orig/sshd.c
+++ openssh-9.6p1/sshd.c
2023-11-28 17:35:34 +01:00
@@ -511,7 +511,7 @@ privsep_preauth_child(struct ssh *ssh)
demote_sensitive_data(ssh);
|
|
|
|
|
|
|
|
#ifdef WITH_SELINUX
- ssh_selinux_change_context("sshd_net_t");
+ sshd_selinux_change_privsep_preauth_context();
#endif
|
|
|
|
|
|
|
|
/* Demote the child */
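Review bot: The replacement call no longer names the target domain, so a reader of privsep_preauth_child() can no longer tell from this site which confinement the pre-auth child receives or that it is now driven by a configuration file rather than fixed in code. I would add above the `#ifdef WITH_SELINUX` block: `/* Move the pre-auth child into the domain named by the privsep_preauth line of the openssh SELinux contexts file (formerly hard-coded to sshd_net_t); see sshd_selinux_change_privsep_preauth_context() in openbsd-compat/port-linux-sshd.c for what happens when that file is absent or malformed. */` The enclosing privsep_preauth_child() starts and ends outside this hunk.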