From 3a2fd75d04dfde36c4eff450947d797fed2f5197 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 08 2022 07:03:27 +0000 Subject: import openssh-8.0p1-16.el8 --- diff --git a/SOURCES/openssh-6.7p1-sftp-force-permission.patch b/SOURCES/openssh-6.7p1-sftp-force-permission.patch index 2d6e730..c6a28e5 100644 --- a/SOURCES/openssh-6.7p1-sftp-force-permission.patch +++ b/SOURCES/openssh-6.7p1-sftp-force-permission.patch @@ -1,6 +1,6 @@ -diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8 ---- openssh-7.2p2/sftp-server.8.sftp-force-mode 2016-03-09 19:04:48.000000000 +0100 -+++ openssh-7.2p2/sftp-server.8 2016-06-23 16:18:20.463854117 +0200 +diff --color -ru a/sftp-server.8 b/sftp-server.8 +--- a/sftp-server.8 2019-04-18 00:52:57.000000000 +0200 ++++ b/sftp-server.8 2022-06-20 16:03:47.892540068 +0200 @@ -38,6 +38,7 @@ .Op Fl P Ar blacklisted_requests .Op Fl p Ar whitelisted_requests @@ -9,21 +9,23 @@ diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8 .Ek .Nm .Fl Q Ar protocol_feature -@@ -138,6 +139,10 @@ Sets an explicit +@@ -138,6 +139,12 @@ .Xr umask 2 to be applied to newly-created files and directories, instead of the user's default mask. +.It Fl m Ar force_file_perms +Sets explicit file permissions to be applied to newly-created files instead +of the default or client requested mode. Numeric values include: -+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set. ++777, 755, 750, 666, 644, 640, etc. Using both -m and -u switches makes the ++umask (-u) effective only for newly created directories and explicit mode (-m) ++for newly created files. .El .Pp On some systems, -diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c ---- openssh-7.2p2/sftp-server.c.sftp-force-mode 2016-06-23 16:18:20.446854128 +0200 -+++ openssh-7.2p2/sftp-server.c 2016-06-23 16:20:37.950766082 +0200 -@@ -69,6 +69,10 @@ struct sshbuf *oqueue; +diff --color -ru a/sftp-server.c b/sftp-server.c +--- a/sftp-server.c 2022-06-20 16:01:26.183793633 +0200 ++++ b/sftp-server.c 2022-06-20 16:02:12.442690608 +0200 +@@ -65,6 +65,10 @@ /* Version of client */ static u_int version; @@ -34,7 +36,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c /* SSH2_FXP_INIT received */ static int init_done; -@@ -683,6 +687,7 @@ process_open(u_int32_t id) +@@ -683,6 +687,7 @@ Attrib a; char *name; int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE; @@ -42,7 +44,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */ -@@ -692,6 +697,10 @@ process_open(u_int32_t id) +@@ -692,6 +697,10 @@ debug3("request %u: open flags %d", id, pflags); flags = flags_from_portable(pflags); mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666; @@ -53,7 +55,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); if (readonly && -@@ -713,6 +722,8 @@ process_open(u_int32_t id) +@@ -713,6 +722,8 @@ } } } @@ -62,7 +64,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c if (status != SSH2_FX_OK) send_status(id, status); free(name); -@@ -1494,7 +1505,7 @@ sftp_server_usage(void) +@@ -1555,7 +1566,7 @@ fprintf(stderr, "usage: %s [-ehR] [-d start_directory] [-f log_facility] " "[-l log_level]\n\t[-P blacklisted_requests] " @@ -71,7 +73,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c " %s -Q protocol_feature\n", __progname, __progname); exit(1); -@@ -1520,7 +1531,7 @@ sftp_server_main(int argc, char **argv, +@@ -1581,7 +1592,7 @@ pw = pwcopy(user_pw); while (!skipargs && (ch = getopt(argc, argv, @@ -80,7 +82,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c switch (ch) { case 'Q': if (strcasecmp(optarg, "requests") != 0) { -@@ -1580,6 +1591,15 @@ sftp_server_main(int argc, char **argv, +@@ -1643,6 +1654,15 @@ fatal("Invalid umask \"%s\"", optarg); (void)umask((mode_t)mask); break; diff --git a/SOURCES/openssh-7.7p1-fips.patch b/SOURCES/openssh-7.7p1-fips.patch index 2fb8200..1f6fdc2 100644 --- a/SOURCES/openssh-7.7p1-fips.patch +++ b/SOURCES/openssh-7.7p1-fips.patch @@ -32,7 +32,7 @@ diff -up openssh-7.9p1/dh.c.fips openssh-7.9p1/dh.c struct dhgroup dhg; + if (FIPS_mode()) { -+ logit("Using arbitrary primes is not allowed in FIPS mode." ++ verbose("Using arbitrary primes is not allowed in FIPS mode." + " Falling back to known groups."); + return (dh_new_group_fallback(max)); + } diff --git a/SOURCES/openssh-7.8p1-UsePAM-warning.patch b/SOURCES/openssh-7.8p1-UsePAM-warning.patch index ef2c737..d4ddcf1 100644 --- a/SOURCES/openssh-7.8p1-UsePAM-warning.patch +++ b/SOURCES/openssh-7.8p1-UsePAM-warning.patch @@ -5,9 +5,9 @@ diff --git a/sshd.c b/sshd.c parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, cfg, NULL); -+ /* 'UsePAM no' is not supported in Fedora */ ++ /* 'UsePAM no' is not supported in RHEL */ + if (! options.use_pam) -+ logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."); ++ logit("WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems."); + /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); @@ -19,7 +19,7 @@ diff --git a/sshd_config b/sshd_config # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -+# WARNING: 'UsePAM no' is not supported in Fedora and may cause several ++# WARNING: 'UsePAM no' is not supported in RHEL and may cause several +# problems. UsePAM yes diff --git a/SOURCES/openssh-8.0p1-crypto-policy-doc.patch b/SOURCES/openssh-8.0p1-crypto-policy-doc.patch new file mode 100644 index 0000000..483f1c8 --- /dev/null +++ b/SOURCES/openssh-8.0p1-crypto-policy-doc.patch @@ -0,0 +1,25 @@ +diff --color -ru a/sshd.8 b/sshd.8 +--- a/sshd.8 2022-05-31 13:39:10.231843926 +0200 ++++ b/sshd.8 2022-05-31 14:34:01.460815420 +0200 +@@ -78,6 +78,7 @@ + .Xr sshd_config 5 ) ; + command-line options override values specified in the + configuration file. ++This mechanism is used by systemd to apply system-wide crypto-policies to ssh server. + .Nm + rereads its configuration file when it receives a hangup signal, + .Dv SIGHUP , +@@ -207,6 +208,13 @@ + rules may be applied by specifying the connection parameters using one or more + .Fl C + options. ++The configuration does not contain the system-wide crypto-policy configuration. ++To show the most accurate runtime configuration, use: ++.Bd -literal -offset 3n ++source /etc/crypto-policies/back-ends/opensshserver.config ++source /etc/sysconfig/sshd ++sshd -T $OPTIONS $CRYPTO_POLICY ++.Ed + .It Fl t + Test mode. + Only check the validity of the configuration file and sanity of the keys. diff --git a/SOURCES/openssh-8.0p1-sftp-realpath.patch b/SOURCES/openssh-8.0p1-sftp-realpath.patch new file mode 100644 index 0000000..37e32ca --- /dev/null +++ b/SOURCES/openssh-8.0p1-sftp-realpath.patch @@ -0,0 +1,273 @@ +diff --color -ruN a/Makefile.in b/Makefile.in +--- a/Makefile.in 2022-06-23 11:31:10.168186838 +0200 ++++ b/Makefile.in 2022-06-23 11:32:19.146513347 +0200 +@@ -125,7 +125,7 @@ + monitor.o monitor_wrap.o auth-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ +- sftp-server.o sftp-common.o \ ++ sftp-server.o sftp-common.o sftp-realpath.o \ + sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ + sandbox-solaris.o uidswap.o +@@ -217,8 +217,8 @@ + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + +-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o +- $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ++sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-realpath.o sftp-server.o sftp-server-main.o ++ $(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) +diff --color -ruN a/sftp-realpath.c b/sftp-realpath.c +--- a/sftp-realpath.c 1970-01-01 01:00:00.000000000 +0100 ++++ b/sftp-realpath.c 2022-06-23 11:35:33.193244873 +0200 +@@ -0,0 +1,225 @@ ++/* $OpenBSD: sftp-realpath.c,v 1.2 2021/09/02 21:03:54 deraadt Exp $ */ ++/* ++ * Copyright (c) 2003 Constantin S. Svintsoff ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The names of the authors may not be used to endorse or promote ++ * products derived from this software without specific prior written ++ * permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include "includes.h" ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifndef SYMLOOP_MAX ++# define SYMLOOP_MAX 32 ++#endif ++ ++/* XXX rewrite sftp-server to use POSIX realpath and remove this hack */ ++ ++char *sftp_realpath(const char *path, char *resolved); ++ ++/* ++ * char *realpath(const char *path, char resolved[PATH_MAX]); ++ * ++ * Find the real name of path, by removing all ".", ".." and symlink ++ * components. Returns (resolved) on success, or (NULL) on failure, ++ * in which case the path which caused trouble is left in (resolved). ++ */ ++char * ++sftp_realpath(const char *path, char *resolved) ++{ ++ struct stat sb; ++ char *p, *q, *s; ++ size_t left_len, resolved_len; ++ unsigned symlinks; ++ int serrno, slen, mem_allocated; ++ char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; ++ ++ if (path[0] == '\0') { ++ errno = ENOENT; ++ return (NULL); ++ } ++ ++ serrno = errno; ++ ++ if (resolved == NULL) { ++ resolved = malloc(PATH_MAX); ++ if (resolved == NULL) ++ return (NULL); ++ mem_allocated = 1; ++ } else ++ mem_allocated = 0; ++ ++ symlinks = 0; ++ if (path[0] == '/') { ++ resolved[0] = '/'; ++ resolved[1] = '\0'; ++ if (path[1] == '\0') ++ return (resolved); ++ resolved_len = 1; ++ left_len = strlcpy(left, path + 1, sizeof(left)); ++ } else { ++ if (getcwd(resolved, PATH_MAX) == NULL) { ++ if (mem_allocated) ++ free(resolved); ++ else ++ strlcpy(resolved, ".", PATH_MAX); ++ return (NULL); ++ } ++ resolved_len = strlen(resolved); ++ left_len = strlcpy(left, path, sizeof(left)); ++ } ++ if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ ++ /* ++ * Iterate over path components in `left'. ++ */ ++ while (left_len != 0) { ++ /* ++ * Extract the next path component and adjust `left' ++ * and its length. ++ */ ++ p = strchr(left, '/'); ++ s = p ? p : left + left_len; ++ if (s - left >= (ptrdiff_t)sizeof(next_token)) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ memcpy(next_token, left, s - left); ++ next_token[s - left] = '\0'; ++ left_len -= s - left; ++ if (p != NULL) ++ memmove(left, s + 1, left_len + 1); ++ if (resolved[resolved_len - 1] != '/') { ++ if (resolved_len + 1 >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ resolved[resolved_len++] = '/'; ++ resolved[resolved_len] = '\0'; ++ } ++ if (next_token[0] == '\0') ++ continue; ++ else if (strcmp(next_token, ".") == 0) ++ continue; ++ else if (strcmp(next_token, "..") == 0) { ++ /* ++ * Strip the last path component except when we have ++ * single "/" ++ */ ++ if (resolved_len > 1) { ++ resolved[resolved_len - 1] = '\0'; ++ q = strrchr(resolved, '/') + 1; ++ *q = '\0'; ++ resolved_len = q - resolved; ++ } ++ continue; ++ } ++ ++ /* ++ * Append the next path component and lstat() it. If ++ * lstat() fails we still can return successfully if ++ * there are no more path components left. ++ */ ++ resolved_len = strlcat(resolved, next_token, PATH_MAX); ++ if (resolved_len >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ if (lstat(resolved, &sb) != 0) { ++ if (errno == ENOENT && p == NULL) { ++ errno = serrno; ++ return (resolved); ++ } ++ goto err; ++ } ++ if (S_ISLNK(sb.st_mode)) { ++ if (symlinks++ > SYMLOOP_MAX) { ++ errno = ELOOP; ++ goto err; ++ } ++ slen = readlink(resolved, symlink, sizeof(symlink) - 1); ++ if (slen < 0) ++ goto err; ++ symlink[slen] = '\0'; ++ if (symlink[0] == '/') { ++ resolved[1] = 0; ++ resolved_len = 1; ++ } else if (resolved_len > 1) { ++ /* Strip the last path component. */ ++ resolved[resolved_len - 1] = '\0'; ++ q = strrchr(resolved, '/') + 1; ++ *q = '\0'; ++ resolved_len = q - resolved; ++ } ++ ++ /* ++ * If there are any path components left, then ++ * append them to symlink. The result is placed ++ * in `left'. ++ */ ++ if (p != NULL) { ++ if (symlink[slen - 1] != '/') { ++ if (slen + 1 >= ++ (ptrdiff_t)sizeof(symlink)) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ symlink[slen] = '/'; ++ symlink[slen + 1] = 0; ++ } ++ left_len = strlcat(symlink, left, sizeof(symlink)); ++ if (left_len >= sizeof(symlink)) { ++ errno = ENAMETOOLONG; ++ goto err; ++ } ++ } ++ left_len = strlcpy(left, symlink, sizeof(left)); ++ } ++ } ++ ++ /* ++ * Remove trailing slash except when the resolved pathname ++ * is a single "/". ++ */ ++ if (resolved_len > 1 && resolved[resolved_len - 1] == '/') ++ resolved[resolved_len - 1] = '\0'; ++ return (resolved); ++ ++err: ++ if (mem_allocated) ++ free(resolved); ++ return (NULL); ++} +diff --color -ruN a/sftp-server.c b/sftp-server.c +--- a/sftp-server.c 2022-06-23 11:31:10.147186434 +0200 ++++ b/sftp-server.c 2022-06-23 11:32:19.147513366 +0200 +@@ -51,6 +51,8 @@ + #include "sftp.h" + #include "sftp-common.h" + ++char *sftp_realpath(const char *, char *); /* sftp-realpath.c */ ++ + /* Our verbosity */ + static LogLevel log_level = SYSLOG_LEVEL_ERROR; + +@@ -1185,7 +1187,7 @@ + } + debug3("request %u: realpath", id); + verbose("realpath \"%s\"", path); +- if (realpath(path, resolvedname) == NULL) { ++ if (sftp_realpath(path, resolvedname) == NULL) { + send_status(id, errno_to_portable(errno)); + } else { + Stat s; diff --git a/SOURCES/openssh-8.0p1-sshd_include.patch b/SOURCES/openssh-8.0p1-sshd_include.patch index 03c4636..9b634cc 100644 --- a/SOURCES/openssh-8.0p1-sshd_include.patch +++ b/SOURCES/openssh-8.0p1-sshd_include.patch @@ -779,7 +779,7 @@ diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c - cfg, NULL); + cfg, &includes, NULL); - /* 'UsePAM no' is not supported in Fedora */ + /* 'UsePAM no' is not supported in RHEL */ if (! options.use_pam) @@ -1946,7 +1978,7 @@ main(int ac, char **av) if (connection_info == NULL) diff --git a/SOURCES/openssh-8.7p1-minimize-sha1-use.patch b/SOURCES/openssh-8.7p1-minimize-sha1-use.patch new file mode 100644 index 0000000..e5a8dee --- /dev/null +++ b/SOURCES/openssh-8.7p1-minimize-sha1-use.patch @@ -0,0 +1,166 @@ +diff --color -ru a/kex.c b/kex.c +--- a/kex.c 2022-06-23 10:25:29.529922670 +0200 ++++ b/kex.c 2022-06-23 10:26:12.911762100 +0200 +@@ -906,6 +906,18 @@ + return (1); + } + ++/* returns non-zero if proposal contains any algorithm from algs */ ++static int ++has_any_alg(const char *proposal, const char *algs) ++{ ++ char *cp; ++ ++ if ((cp = match_list(proposal, algs, NULL)) == NULL) ++ return 0; ++ free(cp); ++ return 1; ++} ++ + static int + kex_choose_conf(struct ssh *ssh) + { +@@ -941,6 +953,16 @@ + free(ext); + } + ++ /* Check whether client supports rsa-sha2 algorithms */ ++ if (kex->server && (kex->flags & KEX_INITIAL)) { ++ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS], ++ "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com")) ++ kex->flags |= KEX_RSA_SHA2_256_SUPPORTED; ++ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS], ++ "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com")) ++ kex->flags |= KEX_RSA_SHA2_512_SUPPORTED; ++ } ++ + /* Algorithm Negotiation */ + if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], + sprop[PROPOSAL_KEX_ALGS])) != 0) { +diff --color -ru a/kex.h b/kex.h +--- a/kex.h 2022-06-23 10:25:29.511922322 +0200 ++++ b/kex.h 2022-06-23 10:26:12.902761926 +0200 +@@ -117,6 +117,8 @@ + + #define KEX_INIT_SENT 0x0001 + #define KEX_INITIAL 0x0002 ++#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */ ++#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */ + + struct sshenc { + char *name; +diff --color -ru a/serverloop.c b/serverloop.c +--- a/serverloop.c 2022-06-23 10:25:29.537922825 +0200 ++++ b/serverloop.c 2022-06-23 10:26:12.918762235 +0200 +@@ -736,16 +736,17 @@ + struct sshbuf *resp = NULL; + struct sshbuf *sigbuf = NULL; + struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; +- int r, ndx, kexsigtype, use_kexsigtype, success = 0; ++ int r, ndx, success = 0; + const u_char *blob; ++ const char *sigalg, *kex_rsa_sigalg = NULL; + u_char *sig = 0; + size_t blen, slen; + + if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); +- +- kexsigtype = sshkey_type_plain( +- sshkey_type_from_name(ssh->kex->hostkey_alg)); ++ if (sshkey_type_plain(sshkey_type_from_name( ++ ssh->kex->hostkey_alg)) == KEY_RSA) ++ kex_rsa_sigalg = ssh->kex->hostkey_alg; + while (ssh_packet_remaining(ssh) > 0) { + sshkey_free(key); + key = NULL; +@@ -780,16 +781,24 @@ + * For RSA keys, prefer to use the signature type negotiated + * during KEX to the default (SHA1). + */ +- use_kexsigtype = kexsigtype == KEY_RSA && +- sshkey_type_plain(key->type) == KEY_RSA; ++ sigalg = NULL; ++ if (sshkey_type_plain(key->type) == KEY_RSA) { ++ if (kex_rsa_sigalg != NULL) ++ sigalg = kex_rsa_sigalg; ++ else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED) ++ sigalg = "rsa-sha2-512"; ++ else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED) ++ sigalg = "rsa-sha2-256"; ++ } ++ debug3("%s: sign %s key (index %d) using sigalg %s", __func__, ++ sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg); + if ((r = sshbuf_put_cstring(sigbuf, + "hostkeys-prove-00@openssh.com")) != 0 || + (r = sshbuf_put_string(sigbuf, + ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || + (r = sshkey_puts(key, sigbuf)) != 0 || + (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, +- sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), +- use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 || ++ sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 || + (r = sshbuf_put_string(resp, sig, slen)) != 0) { + error("%s: couldn't prepare signature: %s", + __func__, ssh_err(r)); +diff --color -ru a/sshkey.c b/sshkey.c +--- a/sshkey.c 2022-06-23 10:25:29.532922728 +0200 ++++ b/sshkey.c 2022-06-23 10:26:12.914762158 +0200 +@@ -82,7 +82,6 @@ + struct sshbuf *buf, enum sshkey_serialize_rep); + static int sshkey_from_blob_internal(struct sshbuf *buf, + struct sshkey **keyp, int allow_cert); +-static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); + + /* Supported key types */ + struct keytype { +@@ -2092,7 +2091,8 @@ + if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, + sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) + goto out; +- if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0) ++ if ((ret = sshkey_get_sigtype(sig, slen, ++ &key->cert->signature_type)) != 0) + goto out; + + /* Success */ +@@ -2394,8 +2394,8 @@ + return r; + } + +-static int +-get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) ++int ++sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) + { + int r; + struct sshbuf *b = NULL; +@@ -2477,7 +2477,7 @@ + return 0; + if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) + return SSH_ERR_INVALID_ARGUMENT; +- if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) ++ if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) + return r; + r = strcmp(expected_alg, sigtype) == 0; + free(sigtype); +@@ -2739,7 +2739,7 @@ + sshbuf_len(cert), alg, 0, signer_ctx)) != 0) + goto out; + /* Check and update signature_type against what was actually used */ +- if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0) ++ if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) + goto out; + if (alg != NULL && strcmp(alg, sigtype) != 0) { + ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; +diff --color -ru a/sshkey.h b/sshkey.h +--- a/sshkey.h 2022-06-23 10:25:29.521922515 +0200 ++++ b/sshkey.h 2022-06-23 10:26:12.907762022 +0200 +@@ -211,6 +211,7 @@ + const u_char *, size_t, const char *, u_int); + int sshkey_check_sigtype(const u_char *, size_t, const char *); + const char *sshkey_sigalg_by_name(const char *); ++int sshkey_get_sigtype(const u_char *, size_t, char **); + + /* for debug */ + void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 03de9c6..bf9c10f 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -66,7 +66,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 13 +%global openssh_rel 16 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 @@ -257,6 +257,21 @@ Patch981: openssh-8.0p1-sshd_include.patch # upstream commit: # 69334996ae203c51c70bf01d414c918a44618f8e Patch982: openssh-8.0p1-client_alive_count_max.patch +# add a local implementation of BSD realpath() for sftp-server +# use ahead of OpenBSD's realpath changing to match POSIX +# upstream commits: +# 569b650f93b561c09c655f83f128e1dfffe74101 +# 53a6ebf1445a857f5e487b18ee5e5830a9575149 +# 5428b0d239f6b516c81d1dd15aa9fe9e60af75d4 +Patch983: openssh-8.0p1-sftp-realpath.patch +# include caveat for crypto-policy in sshd manpage (#2044354) +Patch984: openssh-8.0p1-crypto-policy-doc.patch +# minimize the use of SHA1 as a proof of possession for RSA key (#2093897) +# upstream commits: +# 291721bc7c840d113a49518f3fca70e86248b8e8 +# 0fa33683223c76289470a954404047bc762be84c +# f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a +Patch985: openssh-8.7p1-minimize-sha1-use.patch License: BSD Group: Applications/Internet @@ -485,6 +500,9 @@ popd %patch980 -p1 -b .cve-2021-41617 %patch981 -p1 -b .sshdinclude %patch982 -p1 -b .client_alive_count_max +%patch983 -p1 -b .sftp-realpath +%patch984 -p1 -b .crypto-policy-doc +%patch985 -p1 -b .minimize-sha1-use %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -776,6 +794,20 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Wed Jun 29 2022 Zoltan Fridrich - 8.0p1-16 +- Omit client side from minimize-sha1-use.patch to prevent regression (#2093897) + +* Thu Jun 23 2022 Zoltan Fridrich - 8.0p1-15 +- Fix new issues found by static analyzers + +* Wed Jun 01 2022 Zoltan Fridrich - 8.0p1-14 +- Upstream: add a local implementation of BSD realpath() for sftp-server (#2064249) +- Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch (#1953807) +- Include caveat for crypto-policy in sshd manpage (#2044354) +- Change log level of FIPS specific log message to verbose (#2050511) +- Clarify force_file_perms (-m) documentation in sftp-server manpage (#1862504) +- Minimize the use of SHA1 as a proof of possession for RSA key (#2093897) + * Tue Oct 26 2021 Dmitry Belyavskiy - 8.0p1-13 - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour (#2015828)