Merge ~sergiodj/ubuntu/+source/openssh:lp1966591-ssh-keygen-permission-bionic into ubuntu/+source/openssh:ubuntu/devel
- Git
- lp:~sergiodj/ubuntu/+source/openssh
- lp1966591-ssh-keygen-permission-bionic
- Merge into ubuntu/devel
Status: | Superseded | ||||
---|---|---|---|---|---|
Proposed branch: | ~sergiodj/ubuntu/+source/openssh:lp1966591-ssh-keygen-permission-bionic | ||||
Merge into: | ubuntu/+source/openssh:ubuntu/devel | ||||
Diff against target: |
1411 lines (+1309/-0) (has conflicts) 13 files modified
debian/changelog (+75/-0) debian/control (+8/-0) debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch (+46/-0) debian/patches/CVE-2018-15473.patch (+138/-0) debian/patches/CVE-2018-20685.patch (+29/-0) debian/patches/CVE-2019-6109-1.patch (+253/-0) debian/patches/CVE-2019-6109-2.patch (+106/-0) debian/patches/CVE-2019-6111-2.patch (+348/-0) debian/patches/CVE-2019-6111.patch (+182/-0) debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch (+31/-0) debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch (+31/-0) debian/patches/regress-2020.patch (+44/-0) debian/patches/series (+18/-0) Conflict in debian/changelog Conflict in debian/control Conflict in debian/patches/series |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical Server packageset reviewers | Pending | ||
Canonical Server | Pending | ||
Review via email: mp+418099@code.launchpad.net |
Commit message
Description of the change
This MP fixes bug #1966591 on Bionic.
From the SRU template:
When using "ssh-keygen -R" to remove a host from "known_hosts" the command changes permissions on the file. This can cause problems particularly when used on the global "known_hosts" file (/etc/ssh/
This bug has been fixed upstream (https:/
The idea is to do a single SRU upload with this MP plus Athos' changes to fix bug #1903516.
There is a PPA with the proposed change here:
https:/
autopkgtest is still running, but I don't expect any problems. I'll post the results when they're done.
Unmerged commits
- 80f1bdb... by Sergio Durigan Junior
-
changelog for 1:7.6p1-4ubuntu0.7
- 828e903... by Sergio Durigan Junior
-
* d/p/0001-
upstream- preserve- group-world- read-permission -on-kno. patch:
Preserve group/world read permissions on known_hosts. (LP: #1966591) - 5488a2a... by Christian Ehrhardt
-
1:7.6p1-4ubuntu0.6 (patches unapplied)
Imported using git-ubuntu import.
- f271687... by Marc Deslauriers
-
1:7.6p1-4ubuntu0.5 (patches unapplied)
Imported using git-ubuntu import.
- 18afe7e... by Dimitri John Ledkov
-
1:7.6p1-4ubuntu0.4 (patches unapplied)
Imported using git-ubuntu import.
- 4ac6e76... by Marc Deslauriers
-
1:7.6p1-4ubuntu0.3 (patches unapplied)
Imported using git-ubuntu import.
- 844c653... by Marc Deslauriers
-
1:7.6p1-4ubuntu0.2 (patches unapplied)
Imported using git-ubuntu import.
- 95749f1... by Leonidas S. Barbosa
-
1:7.6p1-4ubuntu0.1 (patches unapplied)
Imported using git-ubuntu import.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 9d6fadc..22a71c9 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,4 @@ |
6 | +<<<<<<< debian/changelog |
7 | openssh (1:8.9p1-3) unstable; urgency=medium |
8 | |
9 | * Allow ppoll_time64 in seccomp filter (closes: #1006445). |
10 | @@ -1532,6 +1533,80 @@ openssh (1:7.6p1-5) unstable; urgency=medium |
11 | #894558). |
12 | |
13 | -- Colin Watson <cjwatson@debian.org> Sun, 01 Apr 2018 21:37:19 +0100 |
14 | +======= |
15 | +openssh (1:7.6p1-4ubuntu0.7) bionic; urgency=medium |
16 | + |
17 | + * d/p/0001-upstream-preserve-group-world-read-permission-on-kno.patch: |
18 | + Preserve group/world read permissions on known_hosts. (LP: #1966591) |
19 | + |
20 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 30 Mar 2022 19:04:23 -0400 |
21 | + |
22 | +openssh (1:7.6p1-4ubuntu0.6) bionic; urgency=medium |
23 | + |
24 | + * fix clients advertising version 1.99 (LP: #1863930) |
25 | + - d/p/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch |
26 | + - d/p/lp-1863930-unbreak-clients-that-advertise-protocol.patch |
27 | + |
28 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Mar 2020 07:47:02 +0100 |
29 | + |
30 | +openssh (1:7.6p1-4ubuntu0.5) bionic-security; urgency=medium |
31 | + |
32 | + * SECURITY REGRESSION: User enumeration issue (LP: #1934501) |
33 | + - debian/patches/CVE-2018-15473.patch: updated to fix bad patch |
34 | + backport. |
35 | + |
36 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 11 Aug 2021 14:02:09 -0400 |
37 | + |
38 | +openssh (1:7.6p1-4ubuntu0.4) bionic; urgency=medium |
39 | + |
40 | + * Apply upstream patch to stop using 2020 as a future date in regress |
41 | + tests. LP: #1859013 |
42 | + |
43 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 10 Jan 2020 00:00:50 +0000 |
44 | + |
45 | +openssh (1:7.6p1-4ubuntu0.3) bionic-security; urgency=medium |
46 | + |
47 | + * SECURITY UPDATE: Incomplete fix for CVE-2019-6111 |
48 | + - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename |
49 | + check in scp.c. |
50 | + - CVE-2019-6111 |
51 | + * Fixed inverted CVE numbers in patch filenames and in previous |
52 | + changelog. |
53 | + |
54 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Mar 2019 07:17:51 -0500 |
55 | + |
56 | +openssh (1:7.6p1-4ubuntu0.2) bionic-security; urgency=medium |
57 | + |
58 | + * SECURITY UPDATE: access restrictions bypass in scp |
59 | + - debian/patches/CVE-2018-20685.patch: disallow empty filenames |
60 | + or ones that refer to the current directory in scp.c. |
61 | + - CVE-2018-20685 |
62 | + * SECURITY UPDATE: scp client spoofing via object name |
63 | + - debian/patches/CVE-2019-6111.patch: make sure the filenames match |
64 | + the wildcard specified by the user, and add new flag to relax the new |
65 | + restrictions in scp.c, scp.1. |
66 | + - CVE-2019-6111 |
67 | + * SECURITY UPDATE: scp client missing received object name validation |
68 | + - debian/patches/CVE-2019-6109-1.patch: sanitize scp filenames via |
69 | + snmprintf in atomicio.c, progressmeter.c, progressmeter.h, |
70 | + scp.c, sftp-client.c. |
71 | + - debian/patches/CVE-2019-6109-2.patch: force progressmeter updates in |
72 | + progressmeter.c, progressmeter.h, scp.c, sftp-client.c. |
73 | + - CVE-2019-6109 |
74 | + |
75 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 31 Jan 2019 08:58:34 -0500 |
76 | + |
77 | +openssh (1:7.6p1-4ubuntu0.1) bionic-security; urgency=medium |
78 | + |
79 | + [ Ryan Finnie ] |
80 | + * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629) |
81 | + - debian/patches/CVE-2018-15473.patch: delay bailout for invalid |
82 | + authenticating user until after the packet containing the request |
83 | + has been fully parsed. |
84 | + - CVE-2018-15473 |
85 | + |
86 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 05 Nov 2018 08:51:29 -0300 |
87 | +>>>>>>> debian/changelog |
88 | |
89 | openssh (1:7.6p1-4) unstable; urgency=medium |
90 | |
91 | diff --git a/debian/control b/debian/control |
92 | index f9dc5f7..98035fb 100644 |
93 | --- a/debian/control |
94 | +++ b/debian/control |
95 | @@ -1,9 +1,17 @@ |
96 | Source: openssh |
97 | Section: net |
98 | Priority: standard |
99 | +<<<<<<< debian/control |
100 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
101 | Build-Depends: debhelper (>= 13.1~), |
102 | debhelper-compat (= 13), |
103 | +======= |
104 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
105 | +XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
106 | +Build-Depends: autotools-dev, |
107 | + debhelper (>= 9.20160709~), |
108 | + dh-autoreconf, |
109 | +>>>>>>> debian/control |
110 | dh-exec, |
111 | dh-runit (>= 2.8.8), |
112 | dpkg-dev (>= 1.16.1~), |
113 | diff --git a/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch b/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch |
114 | new file mode 100644 |
115 | index 0000000..433ebfb |
116 | --- /dev/null |
117 | +++ b/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch |
118 | @@ -0,0 +1,46 @@ |
119 | +From: "djm@openbsd.org" <djm@openbsd.org> |
120 | +Date: Wed, 13 May 2020 09:55:57 +0000 |
121 | +Subject: upstream: preserve group/world read permission on known_hosts |
122 | + |
123 | +file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove |
124 | +all rights for group/other. bz#3146 ok dtucker@ |
125 | + |
126 | +OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a |
127 | + |
128 | +Origin: backport, https://github.com/openssh/openssh-portable/commit/f2d84f1b3fa68d77c99238d4c645d0266fae2a74 |
129 | +Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3146 |
130 | +Bug-Ubuntu: https://bugs.launchpad.net/openssh/+bug/1966591 |
131 | +Applied-Upstream: 8.4 |
132 | +--- |
133 | + ssh-keygen.c | 4 ++++ |
134 | + 1 file changed, 4 insertions(+) |
135 | + |
136 | +diff --git a/ssh-keygen.c b/ssh-keygen.c |
137 | +index 835f7d0..bfc5233 100644 |
138 | +--- a/ssh-keygen.c |
139 | ++++ b/ssh-keygen.c |
140 | +@@ -1235,6 +1235,7 @@ do_known_hosts(struct passwd *pw, const char *name) |
141 | + int r, fd, oerrno, inplace = 0; |
142 | + struct known_hosts_ctx ctx; |
143 | + u_int foreach_options; |
144 | ++ struct stat sb; |
145 | + |
146 | + if (!have_identity) { |
147 | + cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
148 | +@@ -1244,6 +1245,8 @@ do_known_hosts(struct passwd *pw, const char *name) |
149 | + free(cp); |
150 | + have_identity = 1; |
151 | + } |
152 | ++ if (stat(identity_file, &sb) != 0) |
153 | ++ fatal("Cannot stat %s: %s", identity_file, strerror(errno)); |
154 | + |
155 | + memset(&ctx, 0, sizeof(ctx)); |
156 | + ctx.out = stdout; |
157 | +@@ -1267,6 +1270,7 @@ do_known_hosts(struct passwd *pw, const char *name) |
158 | + unlink(tmp); |
159 | + fatal("fdopen: %s", strerror(oerrno)); |
160 | + } |
161 | ++ fchmod(fd, sb.st_mode & 0644); |
162 | + inplace = 1; |
163 | + } |
164 | + |
165 | diff --git a/debian/patches/CVE-2018-15473.patch b/debian/patches/CVE-2018-15473.patch |
166 | new file mode 100644 |
167 | index 0000000..f439e37 |
168 | --- /dev/null |
169 | +++ b/debian/patches/CVE-2018-15473.patch |
170 | @@ -0,0 +1,138 @@ |
171 | +Updated: 2021-08-11 |
172 | +Backport of: |
173 | + |
174 | +From 779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 Mon Sep 17 00:00:00 2001 |
175 | +From: djm <djm@openbsd.org> |
176 | +Date: Tue, 31 Jul 2018 03:10:27 +0000 |
177 | +Subject: [PATCH] =?UTF-8?q?delay=20bailout=20for=20invalid=20authenticatin?= |
178 | + =?UTF-8?q?g=20user=20until=20after=20the=20packet=20containing=20the=20re?= |
179 | + =?UTF-8?q?quest=20has=20been=20fully=20parsed.=20Reported=20by=20Dariusz?= |
180 | + =?UTF-8?q?=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= |
181 | +MIME-Version: 1.0 |
182 | +Content-Type: text/plain; charset=UTF-8 |
183 | +Content-Transfer-Encoding: 8bit |
184 | + |
185 | +delay bailout for invalid authenticating user until after the packet |
186 | +containing the request has been fully parsed. |
187 | + |
188 | +--- |
189 | + auth2-gss.c | 9 ++++++--- |
190 | + auth2-hostbased.c | 9 +++++---- |
191 | + auth2-pubkey.c | 21 ++++++++++++++------- |
192 | + 3 files changed, 25 insertions(+), 14 deletions(-) |
193 | + |
194 | +--- a/auth2-gss.c |
195 | ++++ b/auth2-gss.c |
196 | +@@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh) |
197 | + u_int len; |
198 | + u_char *doid = NULL; |
199 | + |
200 | +- if (!authctxt->valid || authctxt->user == NULL) |
201 | +- return (0); |
202 | +- |
203 | + mechs = packet_get_int(); |
204 | + if (mechs == 0) { |
205 | + debug("Mechanism negotiation is not supported"); |
206 | +@@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh) |
207 | + return (0); |
208 | + } |
209 | + |
210 | ++ if (!authctxt->valid || authctxt->user == NULL) { |
211 | ++ debug2("%s: disabled because of invalid user", __func__); |
212 | ++ free(doid); |
213 | ++ return (0); |
214 | ++ } |
215 | ++ |
216 | + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { |
217 | + if (ctxt != NULL) |
218 | + ssh_gssapi_delete_ctx(&ctxt); |
219 | +--- a/auth2-hostbased.c |
220 | ++++ b/auth2-hostbased.c |
221 | +@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh) |
222 | + size_t alen, blen, slen; |
223 | + int r, pktype, authenticated = 0; |
224 | + |
225 | +- if (!authctxt->valid) { |
226 | +- debug2("%s: disabled because of invalid user", __func__); |
227 | +- return 0; |
228 | +- } |
229 | + /* XXX use sshkey_froms() */ |
230 | + if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || |
231 | + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || |
232 | +@@ -118,6 +114,11 @@ userauth_hostbased(struct ssh *ssh) |
233 | + goto done; |
234 | + } |
235 | + |
236 | ++ if (!authctxt->valid || authctxt->user == NULL) { |
237 | ++ debug2("%s: disabled because of invalid user", __func__); |
238 | ++ goto done; |
239 | ++ } |
240 | ++ |
241 | + service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
242 | + authctxt->service; |
243 | + if ((b = sshbuf_new()) == NULL) |
244 | +--- a/auth2-pubkey.c |
245 | ++++ b/auth2-pubkey.c |
246 | +@@ -77,18 +77,14 @@ static int |
247 | + userauth_pubkey(struct ssh *ssh) |
248 | + { |
249 | + Authctxt *authctxt = ssh->authctxt; |
250 | +- struct sshbuf *b; |
251 | ++ struct sshbuf *b = NULL; |
252 | + struct sshkey *key = NULL; |
253 | +- char *pkalg, *userstyle = NULL, *fp = NULL; |
254 | +- u_char *pkblob, *sig, have_sig; |
255 | ++ char *pkalg = NULL, *userstyle = NULL, *fp = NULL; |
256 | ++ u_char *pkblob = NULL, *sig = NULL, have_sig; |
257 | + size_t blen, slen; |
258 | + int r, pktype; |
259 | + int authenticated = 0; |
260 | + |
261 | +- if (!authctxt->valid) { |
262 | +- debug2("%s: disabled because of invalid user", __func__); |
263 | +- return 0; |
264 | +- } |
265 | + if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) |
266 | + fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); |
267 | + if (ssh->compat & SSH_BUG_PKAUTH) { |
268 | +@@ -166,6 +162,12 @@ userauth_pubkey(struct ssh *ssh) |
269 | + fatal("%s: sshbuf_put_string session id: %s", |
270 | + __func__, ssh_err(r)); |
271 | + } |
272 | ++ if (!authctxt->valid || authctxt->user == NULL) { |
273 | ++ debug2("%s: disabled because of invalid user", |
274 | ++ __func__); |
275 | ++ sshbuf_free(b); |
276 | ++ goto done; |
277 | ++ } |
278 | + /* reconstruct packet */ |
279 | + xasprintf(&userstyle, "%s%s%s", authctxt->user, |
280 | + authctxt->style ? ":" : "", |
281 | +@@ -202,7 +204,6 @@ userauth_pubkey(struct ssh *ssh) |
282 | + authenticated = 1; |
283 | + } |
284 | + sshbuf_free(b); |
285 | +- free(sig); |
286 | + auth2_record_key(authctxt, authenticated, key); |
287 | + } else { |
288 | + debug("%s: test whether pkalg/pkblob are acceptable for %s %s", |
289 | +@@ -210,6 +211,11 @@ userauth_pubkey(struct ssh *ssh) |
290 | + if ((r = sshpkt_get_end(ssh)) != 0) |
291 | + fatal("%s: %s", __func__, ssh_err(r)); |
292 | + |
293 | ++ if (!authctxt->valid || authctxt->user == NULL) { |
294 | ++ debug2("%s: disabled because of invalid user", |
295 | ++ __func__); |
296 | ++ goto done; |
297 | ++ } |
298 | + /* XXX fake reply and always send PK_OK ? */ |
299 | + /* |
300 | + * XXX this allows testing whether a user is allowed |
301 | +@@ -238,6 +244,7 @@ done: |
302 | + free(pkalg); |
303 | + free(pkblob); |
304 | + free(fp); |
305 | ++ free(sig); |
306 | + return authenticated; |
307 | + } |
308 | + |
309 | diff --git a/debian/patches/CVE-2018-20685.patch b/debian/patches/CVE-2018-20685.patch |
310 | new file mode 100644 |
311 | index 0000000..0c2b94a |
312 | --- /dev/null |
313 | +++ b/debian/patches/CVE-2018-20685.patch |
314 | @@ -0,0 +1,29 @@ |
315 | +Backport of: |
316 | + |
317 | +From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 |
318 | +From: "djm@openbsd.org" <djm@openbsd.org> |
319 | +Date: Fri, 16 Nov 2018 03:03:10 +0000 |
320 | +Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer |
321 | + to the |
322 | + |
323 | +current directory; based on report/patch from Harry Sintonen |
324 | + |
325 | +OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 |
326 | +--- |
327 | + scp.c | 5 +++-- |
328 | + 1 file changed, 3 insertions(+), 2 deletions(-) |
329 | + |
330 | +Index: openssh-7.6p1/scp.c |
331 | +=================================================================== |
332 | +--- openssh-7.6p1.orig/scp.c 2019-01-31 08:56:55.553635620 -0500 |
333 | ++++ openssh-7.6p1/scp.c 2019-01-31 08:56:55.553635620 -0500 |
334 | +@@ -1073,7 +1073,8 @@ sink(int argc, char **argv) |
335 | + SCREWUP("size out of range"); |
336 | + size = (off_t)ull; |
337 | + |
338 | +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { |
339 | ++ if (*cp == '\0' || strchr(cp, '/') != NULL || |
340 | ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { |
341 | + run_err("error: unexpected filename: %s", cp); |
342 | + exit(1); |
343 | + } |
344 | diff --git a/debian/patches/CVE-2019-6109-1.patch b/debian/patches/CVE-2019-6109-1.patch |
345 | new file mode 100644 |
346 | index 0000000..7da9698 |
347 | --- /dev/null |
348 | +++ b/debian/patches/CVE-2019-6109-1.patch |
349 | @@ -0,0 +1,253 @@ |
350 | +Backport of: |
351 | + |
352 | +From 8976f1c4b2721c26e878151f52bdf346dfe2d54c Mon Sep 17 00:00:00 2001 |
353 | +From: "dtucker@openbsd.org" <dtucker@openbsd.org> |
354 | +Date: Wed, 23 Jan 2019 08:01:46 +0000 |
355 | +Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we |
356 | + move |
357 | + |
358 | +the progressmeter formatting outside of signal handler context and have the |
359 | +atomicio callback called for EINTR too. bz#2434 with contributions from djm |
360 | +and jjelen at redhat.com, ok djm@ |
361 | + |
362 | +OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 |
363 | +--- |
364 | + atomicio.c | 20 ++++++++++++++----- |
365 | + progressmeter.c | 53 ++++++++++++++++++++++--------------------------- |
366 | + progressmeter.h | 3 ++- |
367 | + scp.c | 3 ++- |
368 | + sftp-client.c | 18 +++++++++-------- |
369 | + 5 files changed, 53 insertions(+), 44 deletions(-) |
370 | + |
371 | +Index: openssh-7.6p1/atomicio.c |
372 | +=================================================================== |
373 | +--- openssh-7.6p1.orig/atomicio.c 2019-01-31 08:58:23.885841566 -0500 |
374 | ++++ openssh-7.6p1/atomicio.c 2019-01-31 08:58:23.881841557 -0500 |
375 | +@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, siz |
376 | + res = (f) (fd, s + pos, n - pos); |
377 | + switch (res) { |
378 | + case -1: |
379 | +- if (errno == EINTR) |
380 | ++ if (errno == EINTR) { |
381 | ++ /* possible SIGALARM, update callback */ |
382 | ++ if (cb != NULL && cb(cb_arg, 0) == -1) { |
383 | ++ errno = EINTR; |
384 | ++ return pos; |
385 | ++ } |
386 | + continue; |
387 | +- if (errno == EAGAIN || errno == EWOULDBLOCK) { |
388 | ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { |
389 | + #ifndef BROKEN_READ_COMPARISON |
390 | + (void)poll(&pfd, 1, -1); |
391 | + #endif |
392 | +@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const stru |
393 | + res = (f) (fd, iov, iovcnt); |
394 | + switch (res) { |
395 | + case -1: |
396 | +- if (errno == EINTR) |
397 | ++ if (errno == EINTR) { |
398 | ++ /* possible SIGALARM, update callback */ |
399 | ++ if (cb != NULL && cb(cb_arg, 0) == -1) { |
400 | ++ errno = EINTR; |
401 | ++ return pos; |
402 | ++ } |
403 | + continue; |
404 | +- if (errno == EAGAIN || errno == EWOULDBLOCK) { |
405 | ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { |
406 | + #ifndef BROKEN_READV_COMPARISON |
407 | + (void)poll(&pfd, 1, -1); |
408 | + #endif |
409 | +Index: openssh-7.6p1/progressmeter.c |
410 | +=================================================================== |
411 | +--- openssh-7.6p1.orig/progressmeter.c 2019-01-31 08:58:23.885841566 -0500 |
412 | ++++ openssh-7.6p1/progressmeter.c 2019-01-31 08:58:23.881841557 -0500 |
413 | +@@ -31,6 +31,7 @@ |
414 | + |
415 | + #include <errno.h> |
416 | + #include <signal.h> |
417 | ++#include <stdarg.h> |
418 | + #include <stdio.h> |
419 | + #include <string.h> |
420 | + #include <time.h> |
421 | +@@ -39,6 +40,7 @@ |
422 | + #include "progressmeter.h" |
423 | + #include "atomicio.h" |
424 | + #include "misc.h" |
425 | ++#include "utf8.h" |
426 | + |
427 | + #define DEFAULT_WINSIZE 80 |
428 | + #define MAX_WINSIZE 512 |
429 | +@@ -61,7 +63,7 @@ static void setscreensize(void); |
430 | + void refresh_progress_meter(void); |
431 | + |
432 | + /* signal handler for updating the progress meter */ |
433 | +-static void update_progress_meter(int); |
434 | ++static void sig_alarm(int); |
435 | + |
436 | + static double start; /* start progress */ |
437 | + static double last_update; /* last progress update */ |
438 | +@@ -74,6 +76,7 @@ static long stalled; /* how long we hav |
439 | + static int bytes_per_second; /* current speed in bytes per second */ |
440 | + static int win_size; /* terminal window size */ |
441 | + static volatile sig_atomic_t win_resized; /* for window resizing */ |
442 | ++static volatile sig_atomic_t alarm_fired; |
443 | + |
444 | + /* units for format_size */ |
445 | + static const char unit[] = " KMGT"; |
446 | +@@ -126,9 +129,17 @@ refresh_progress_meter(void) |
447 | + off_t bytes_left; |
448 | + int cur_speed; |
449 | + int hours, minutes, seconds; |
450 | +- int i, len; |
451 | + int file_len; |
452 | + |
453 | ++ if ((!alarm_fired && !win_resized) || !can_output()) |
454 | ++ return; |
455 | ++ alarm_fired = 0; |
456 | ++ |
457 | ++ if (win_resized) { |
458 | ++ setscreensize(); |
459 | ++ win_resized = 0; |
460 | ++ } |
461 | ++ |
462 | + transferred = *counter - (cur_pos ? cur_pos : start_pos); |
463 | + cur_pos = *counter; |
464 | + now = monotime_double(); |
465 | +@@ -158,16 +169,11 @@ refresh_progress_meter(void) |
466 | + |
467 | + /* filename */ |
468 | + buf[0] = '\0'; |
469 | +- file_len = win_size - 35; |
470 | ++ file_len = win_size - 36; |
471 | + if (file_len > 0) { |
472 | +- len = snprintf(buf, file_len + 1, "\r%s", file); |
473 | +- if (len < 0) |
474 | +- len = 0; |
475 | +- if (len >= file_len + 1) |
476 | +- len = file_len; |
477 | +- for (i = len; i < file_len; i++) |
478 | +- buf[i] = ' '; |
479 | +- buf[file_len] = '\0'; |
480 | ++ buf[0] = '\r'; |
481 | ++ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", |
482 | ++ file_len * -1, file); |
483 | + } |
484 | + |
485 | + /* percent of transfer done */ |
486 | +@@ -228,22 +234,11 @@ refresh_progress_meter(void) |
487 | + |
488 | + /*ARGSUSED*/ |
489 | + static void |
490 | +-update_progress_meter(int ignore) |
491 | ++sig_alarm(int ignore) |
492 | + { |
493 | +- int save_errno; |
494 | +- |
495 | +- save_errno = errno; |
496 | +- |
497 | +- if (win_resized) { |
498 | +- setscreensize(); |
499 | +- win_resized = 0; |
500 | +- } |
501 | +- if (can_output()) |
502 | +- refresh_progress_meter(); |
503 | +- |
504 | +- signal(SIGALRM, update_progress_meter); |
505 | ++ signal(SIGALRM, sig_alarm); |
506 | ++ alarm_fired = 1; |
507 | + alarm(UPDATE_INTERVAL); |
508 | +- errno = save_errno; |
509 | + } |
510 | + |
511 | + void |
512 | +@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_ |
513 | + bytes_per_second = 0; |
514 | + |
515 | + setscreensize(); |
516 | +- if (can_output()) |
517 | +- refresh_progress_meter(); |
518 | ++ refresh_progress_meter(); |
519 | + |
520 | +- signal(SIGALRM, update_progress_meter); |
521 | ++ signal(SIGALRM, sig_alarm); |
522 | + signal(SIGWINCH, sig_winch); |
523 | + alarm(UPDATE_INTERVAL); |
524 | + } |
525 | +@@ -286,6 +280,7 @@ stop_progress_meter(void) |
526 | + static void |
527 | + sig_winch(int sig) |
528 | + { |
529 | ++ signal(SIGWINCH, sig_winch); |
530 | + win_resized = 1; |
531 | + } |
532 | + |
533 | +Index: openssh-7.6p1/progressmeter.h |
534 | +=================================================================== |
535 | +--- openssh-7.6p1.orig/progressmeter.h 2019-01-31 08:58:23.885841566 -0500 |
536 | ++++ openssh-7.6p1/progressmeter.h 2019-01-31 08:58:23.881841557 -0500 |
537 | +@@ -24,4 +24,5 @@ |
538 | + */ |
539 | + |
540 | + void start_progress_meter(const char *, off_t, off_t *); |
541 | ++void refresh_progress_meter(void); |
542 | + void stop_progress_meter(void); |
543 | +Index: openssh-7.6p1/scp.c |
544 | +=================================================================== |
545 | +--- openssh-7.6p1.orig/scp.c 2019-01-31 08:58:23.885841566 -0500 |
546 | ++++ openssh-7.6p1/scp.c 2019-01-31 08:58:23.881841557 -0500 |
547 | +@@ -580,6 +580,7 @@ scpio(void *_cnt, size_t s) |
548 | + off_t *cnt = (off_t *)_cnt; |
549 | + |
550 | + *cnt += s; |
551 | ++ refresh_progress_meter(); |
552 | + if (limit_kbps > 0) |
553 | + bandwidth_limit(&bwlimit, s); |
554 | + return 0; |
555 | +Index: openssh-7.6p1/sftp-client.c |
556 | +=================================================================== |
557 | +--- openssh-7.6p1.orig/sftp-client.c 2019-01-31 08:58:23.885841566 -0500 |
558 | ++++ openssh-7.6p1/sftp-client.c 2019-01-31 08:58:23.881841557 -0500 |
559 | +@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount) |
560 | + { |
561 | + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; |
562 | + |
563 | +- bandwidth_limit(bwlimit, amount); |
564 | ++ refresh_progress_meter(); |
565 | ++ if (bwlimit != NULL) |
566 | ++ bandwidth_limit(bwlimit, amount); |
567 | + return 0; |
568 | + } |
569 | + |
570 | +@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct |
571 | + iov[1].iov_base = (u_char *)sshbuf_ptr(m); |
572 | + iov[1].iov_len = sshbuf_len(m); |
573 | + |
574 | +- if (atomiciov6(writev, conn->fd_out, iov, 2, |
575 | +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != |
576 | ++ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, |
577 | ++ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != |
578 | + sshbuf_len(m) + sizeof(mlen)) |
579 | + fatal("Couldn't send packet: %s", strerror(errno)); |
580 | + |
581 | +@@ -138,8 +140,8 @@ get_msg(struct sftp_conn *conn, struct s |
582 | + |
583 | + if ((r = sshbuf_reserve(m, 4, &p)) != 0) |
584 | + fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
585 | +- if (atomicio6(read, conn->fd_in, p, 4, |
586 | +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { |
587 | ++ if (atomicio6(read, conn->fd_in, p, 4, sftpio, |
588 | ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { |
589 | + if (errno == EPIPE || errno == ECONNRESET) |
590 | + fatal("Connection closed"); |
591 | + else |
592 | +@@ -153,8 +155,8 @@ get_msg(struct sftp_conn *conn, struct s |
593 | + |
594 | + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) |
595 | + fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
596 | +- if (atomicio6(read, conn->fd_in, p, msg_len, |
597 | +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) |
598 | ++ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, |
599 | ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) |
600 | + != msg_len) { |
601 | + if (errno == EPIPE) |
602 | + fatal("Connection closed"); |
603 | diff --git a/debian/patches/CVE-2019-6109-2.patch b/debian/patches/CVE-2019-6109-2.patch |
604 | new file mode 100644 |
605 | index 0000000..0cdc6d3 |
606 | --- /dev/null |
607 | +++ b/debian/patches/CVE-2019-6109-2.patch |
608 | @@ -0,0 +1,106 @@ |
609 | +Backport of: |
610 | + |
611 | +From bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb Mon Sep 17 00:00:00 2001 |
612 | +From: "dtucker@openbsd.org" <dtucker@openbsd.org> |
613 | +Date: Thu, 24 Jan 2019 16:52:17 +0000 |
614 | +Subject: [PATCH] upstream: Have progressmeter force an update at the beginning |
615 | + and |
616 | + |
617 | +end of each transfer. Fixes the problem recently introduces where very quick |
618 | +transfers do not display the progressmeter at all. Spotted by naddy@ |
619 | + |
620 | +OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a |
621 | +--- |
622 | + progressmeter.c | 13 +++++-------- |
623 | + progressmeter.h | 4 ++-- |
624 | + scp.c | 4 ++-- |
625 | + sftp-client.c | 4 ++-- |
626 | + 4 files changed, 11 insertions(+), 14 deletions(-) |
627 | + |
628 | +Index: openssh-7.6p1/progressmeter.c |
629 | +=================================================================== |
630 | +--- openssh-7.6p1.orig/progressmeter.c 2019-01-31 08:58:29.833855684 -0500 |
631 | ++++ openssh-7.6p1/progressmeter.c 2019-01-31 08:58:29.833855684 -0500 |
632 | +@@ -59,9 +59,6 @@ static void format_rate(char *, int, off |
633 | + static void sig_winch(int); |
634 | + static void setscreensize(void); |
635 | + |
636 | +-/* updates the progressmeter to reflect the current state of the transfer */ |
637 | +-void refresh_progress_meter(void); |
638 | +- |
639 | + /* signal handler for updating the progress meter */ |
640 | + static void sig_alarm(int); |
641 | + |
642 | +@@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t b |
643 | + } |
644 | + |
645 | + void |
646 | +-refresh_progress_meter(void) |
647 | ++refresh_progress_meter(int force_update) |
648 | + { |
649 | + char buf[MAX_WINSIZE + 1]; |
650 | + off_t transferred; |
651 | +@@ -131,7 +128,7 @@ refresh_progress_meter(void) |
652 | + int hours, minutes, seconds; |
653 | + int file_len; |
654 | + |
655 | +- if ((!alarm_fired && !win_resized) || !can_output()) |
656 | ++ if ((!force_update && !alarm_fired && !win_resized) || !can_output()) |
657 | + return; |
658 | + alarm_fired = 0; |
659 | + |
660 | +@@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_ |
661 | + bytes_per_second = 0; |
662 | + |
663 | + setscreensize(); |
664 | +- refresh_progress_meter(); |
665 | ++ refresh_progress_meter(1); |
666 | + |
667 | + signal(SIGALRM, sig_alarm); |
668 | + signal(SIGWINCH, sig_winch); |
669 | +@@ -271,7 +268,7 @@ stop_progress_meter(void) |
670 | + |
671 | + /* Ensure we complete the progress */ |
672 | + if (cur_pos != end_pos) |
673 | +- refresh_progress_meter(); |
674 | ++ refresh_progress_meter(1); |
675 | + |
676 | + atomicio(vwrite, STDOUT_FILENO, "\n", 1); |
677 | + } |
678 | +Index: openssh-7.6p1/progressmeter.h |
679 | +=================================================================== |
680 | +--- openssh-7.6p1.orig/progressmeter.h 2019-01-31 08:58:29.833855684 -0500 |
681 | ++++ openssh-7.6p1/progressmeter.h 2019-01-31 08:58:29.833855684 -0500 |
682 | +@@ -24,5 +24,5 @@ |
683 | + */ |
684 | + |
685 | + void start_progress_meter(const char *, off_t, off_t *); |
686 | +-void refresh_progress_meter(void); |
687 | ++void refresh_progress_meter(int); |
688 | + void stop_progress_meter(void); |
689 | +Index: openssh-7.6p1/scp.c |
690 | +=================================================================== |
691 | +--- openssh-7.6p1.orig/scp.c 2019-01-31 08:58:29.833855684 -0500 |
692 | ++++ openssh-7.6p1/scp.c 2019-01-31 08:58:29.833855684 -0500 |
693 | +@@ -580,7 +580,7 @@ scpio(void *_cnt, size_t s) |
694 | + off_t *cnt = (off_t *)_cnt; |
695 | + |
696 | + *cnt += s; |
697 | +- refresh_progress_meter(); |
698 | ++ refresh_progress_meter(0); |
699 | + if (limit_kbps > 0) |
700 | + bandwidth_limit(&bwlimit, s); |
701 | + return 0; |
702 | +Index: openssh-7.6p1/sftp-client.c |
703 | +=================================================================== |
704 | +--- openssh-7.6p1.orig/sftp-client.c 2019-01-31 08:58:29.833855684 -0500 |
705 | ++++ openssh-7.6p1/sftp-client.c 2019-01-31 08:58:29.833855684 -0500 |
706 | +@@ -101,7 +101,7 @@ sftpio(void *_bwlimit, size_t amount) |
707 | + { |
708 | + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; |
709 | + |
710 | +- refresh_progress_meter(); |
711 | ++ refresh_progress_meter(0); |
712 | + if (bwlimit != NULL) |
713 | + bandwidth_limit(bwlimit, amount); |
714 | + return 0; |
715 | diff --git a/debian/patches/CVE-2019-6111-2.patch b/debian/patches/CVE-2019-6111-2.patch |
716 | new file mode 100644 |
717 | index 0000000..21aa8fc |
718 | --- /dev/null |
719 | +++ b/debian/patches/CVE-2019-6111-2.patch |
720 | @@ -0,0 +1,348 @@ |
721 | +From 3d896c157c722bc47adca51a58dca859225b5874 Mon Sep 17 00:00:00 2001 |
722 | +From: "djm@openbsd.org" <djm@openbsd.org> |
723 | +Date: Sun, 10 Feb 2019 11:15:52 +0000 |
724 | +Subject: [PATCH] upstream: when checking that filenames sent by the server |
725 | + side |
726 | + |
727 | +match what the client requested, be prepared to handle shell-style brace |
728 | +alternations, e.g. "{foo,bar}". |
729 | + |
730 | +"looks good to me" millert@ + in snaps for the last week courtesy |
731 | +deraadt@ |
732 | + |
733 | +OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e |
734 | +--- |
735 | + scp.c | 282 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- |
736 | + 1 file changed, 270 insertions(+), 12 deletions(-) |
737 | + |
738 | +Index: openssh-7.6p1/scp.c |
739 | +=================================================================== |
740 | +--- openssh-7.6p1.orig/scp.c 2019-03-04 07:17:32.294099797 -0500 |
741 | ++++ openssh-7.6p1/scp.c 2019-03-04 07:17:32.294099797 -0500 |
742 | +@@ -604,6 +604,253 @@ do_times(int fd, int verb, const struct |
743 | + return (response()); |
744 | + } |
745 | + |
746 | ++/* Appends a string to an array; returns 0 on success, -1 on alloc failure */ |
747 | ++static int |
748 | ++append(char *cp, char ***ap, size_t *np) |
749 | ++{ |
750 | ++ char **tmp; |
751 | ++ |
752 | ++ if ((tmp = reallocarray(*ap, *np + 1, sizeof(*tmp))) == NULL) |
753 | ++ return -1; |
754 | ++ tmp[(*np)] = cp; |
755 | ++ (*np)++; |
756 | ++ *ap = tmp; |
757 | ++ return 0; |
758 | ++} |
759 | ++ |
760 | ++/* |
761 | ++ * Finds the start and end of the first brace pair in the pattern. |
762 | ++ * returns 0 on success or -1 for invalid patterns. |
763 | ++ */ |
764 | ++static int |
765 | ++find_brace(const char *pattern, int *startp, int *endp) |
766 | ++{ |
767 | ++ int i; |
768 | ++ int in_bracket, brace_level; |
769 | ++ |
770 | ++ *startp = *endp = -1; |
771 | ++ in_bracket = brace_level = 0; |
772 | ++ for (i = 0; i < INT_MAX && *endp < 0 && pattern[i] != '\0'; i++) { |
773 | ++ switch (pattern[i]) { |
774 | ++ case '\\': |
775 | ++ /* skip next character */ |
776 | ++ if (pattern[i + 1] != '\0') |
777 | ++ i++; |
778 | ++ break; |
779 | ++ case '[': |
780 | ++ in_bracket = 1; |
781 | ++ break; |
782 | ++ case ']': |
783 | ++ in_bracket = 0; |
784 | ++ break; |
785 | ++ case '{': |
786 | ++ if (in_bracket) |
787 | ++ break; |
788 | ++ if (pattern[i + 1] == '}') { |
789 | ++ /* Protect a single {}, for find(1), like csh */ |
790 | ++ i++; /* skip */ |
791 | ++ break; |
792 | ++ } |
793 | ++ if (*startp == -1) |
794 | ++ *startp = i; |
795 | ++ brace_level++; |
796 | ++ break; |
797 | ++ case '}': |
798 | ++ if (in_bracket) |
799 | ++ break; |
800 | ++ if (*startp < 0) { |
801 | ++ /* Unbalanced brace */ |
802 | ++ return -1; |
803 | ++ } |
804 | ++ if (--brace_level <= 0) |
805 | ++ *endp = i; |
806 | ++ break; |
807 | ++ } |
808 | ++ } |
809 | ++ /* unbalanced brackets/braces */ |
810 | ++ if (*endp < 0 && (*startp >= 0 || in_bracket)) |
811 | ++ return -1; |
812 | ++ return 0; |
813 | ++} |
814 | ++ |
815 | ++/* |
816 | ++ * Assembles and records a successfully-expanded pattern, returns -1 on |
817 | ++ * alloc failure. |
818 | ++ */ |
819 | ++static int |
820 | ++emit_expansion(const char *pattern, int brace_start, int brace_end, |
821 | ++ int sel_start, int sel_end, char ***patternsp, size_t *npatternsp) |
822 | ++{ |
823 | ++ char *cp; |
824 | ++ int o = 0, tail_len = strlen(pattern + brace_end + 1); |
825 | ++ |
826 | ++ if ((cp = malloc(brace_start + (sel_end - sel_start) + |
827 | ++ tail_len + 1)) == NULL) |
828 | ++ return -1; |
829 | ++ |
830 | ++ /* Pattern before initial brace */ |
831 | ++ if (brace_start > 0) { |
832 | ++ memcpy(cp, pattern, brace_start); |
833 | ++ o = brace_start; |
834 | ++ } |
835 | ++ /* Current braced selection */ |
836 | ++ if (sel_end - sel_start > 0) { |
837 | ++ memcpy(cp + o, pattern + sel_start, |
838 | ++ sel_end - sel_start); |
839 | ++ o += sel_end - sel_start; |
840 | ++ } |
841 | ++ /* Remainder of pattern after closing brace */ |
842 | ++ if (tail_len > 0) { |
843 | ++ memcpy(cp + o, pattern + brace_end + 1, tail_len); |
844 | ++ o += tail_len; |
845 | ++ } |
846 | ++ cp[o] = '\0'; |
847 | ++ if (append(cp, patternsp, npatternsp) != 0) { |
848 | ++ free(cp); |
849 | ++ return -1; |
850 | ++ } |
851 | ++ return 0; |
852 | ++} |
853 | ++ |
854 | ++/* |
855 | ++ * Expand the first encountered brace in pattern, appending the expanded |
856 | ++ * patterns it yielded to the *patternsp array. |
857 | ++ * |
858 | ++ * Returns 0 on success or -1 on allocation failure. |
859 | ++ * |
860 | ++ * Signals whether expansion was performed via *expanded and whether |
861 | ++ * pattern was invalid via *invalid. |
862 | ++ */ |
863 | ++static int |
864 | ++brace_expand_one(const char *pattern, char ***patternsp, size_t *npatternsp, |
865 | ++ int *expanded, int *invalid) |
866 | ++{ |
867 | ++ int i; |
868 | ++ int in_bracket, brace_start, brace_end, brace_level; |
869 | ++ int sel_start, sel_end; |
870 | ++ |
871 | ++ *invalid = *expanded = 0; |
872 | ++ |
873 | ++ if (find_brace(pattern, &brace_start, &brace_end) != 0) { |
874 | ++ *invalid = 1; |
875 | ++ return 0; |
876 | ++ } else if (brace_start == -1) |
877 | ++ return 0; |
878 | ++ |
879 | ++ in_bracket = brace_level = 0; |
880 | ++ for (i = sel_start = brace_start + 1; i < brace_end; i++) { |
881 | ++ switch (pattern[i]) { |
882 | ++ case '{': |
883 | ++ if (in_bracket) |
884 | ++ break; |
885 | ++ brace_level++; |
886 | ++ break; |
887 | ++ case '}': |
888 | ++ if (in_bracket) |
889 | ++ break; |
890 | ++ brace_level--; |
891 | ++ break; |
892 | ++ case '[': |
893 | ++ in_bracket = 1; |
894 | ++ break; |
895 | ++ case ']': |
896 | ++ in_bracket = 0; |
897 | ++ break; |
898 | ++ case '\\': |
899 | ++ if (i < brace_end - 1) |
900 | ++ i++; /* skip */ |
901 | ++ break; |
902 | ++ } |
903 | ++ if (pattern[i] == ',' || i == brace_end - 1) { |
904 | ++ if (in_bracket || brace_level > 0) |
905 | ++ continue; |
906 | ++ /* End of a selection, emit an expanded pattern */ |
907 | ++ |
908 | ++ /* Adjust end index for last selection */ |
909 | ++ sel_end = (i == brace_end - 1) ? brace_end : i; |
910 | ++ if (emit_expansion(pattern, brace_start, brace_end, |
911 | ++ sel_start, sel_end, patternsp, npatternsp) != 0) |
912 | ++ return -1; |
913 | ++ /* move on to the next selection */ |
914 | ++ sel_start = i + 1; |
915 | ++ continue; |
916 | ++ } |
917 | ++ } |
918 | ++ if (in_bracket || brace_level > 0) { |
919 | ++ *invalid = 1; |
920 | ++ return 0; |
921 | ++ } |
922 | ++ /* success */ |
923 | ++ *expanded = 1; |
924 | ++ return 0; |
925 | ++} |
926 | ++ |
927 | ++/* Expand braces from pattern. Returns 0 on success, -1 on failure */ |
928 | ++static int |
929 | ++brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) |
930 | ++{ |
931 | ++ char *cp, *cp2, **active = NULL, **done = NULL; |
932 | ++ size_t i, nactive = 0, ndone = 0; |
933 | ++ int ret = -1, invalid = 0, expanded = 0; |
934 | ++ |
935 | ++ *patternsp = NULL; |
936 | ++ *npatternsp = 0; |
937 | ++ |
938 | ++ /* Start the worklist with the original pattern */ |
939 | ++ if ((cp = strdup(pattern)) == NULL) |
940 | ++ return -1; |
941 | ++ if (append(cp, &active, &nactive) != 0) { |
942 | ++ free(cp); |
943 | ++ return -1; |
944 | ++ } |
945 | ++ while (nactive > 0) { |
946 | ++ cp = active[nactive - 1]; |
947 | ++ nactive--; |
948 | ++ if (brace_expand_one(cp, &active, &nactive, |
949 | ++ &expanded, &invalid) == -1) { |
950 | ++ free(cp); |
951 | ++ goto fail; |
952 | ++ } |
953 | ++ if (invalid) |
954 | ++ fatal("%s: invalid brace pattern \"%s\"", __func__, cp); |
955 | ++ if (expanded) { |
956 | ++ /* |
957 | ++ * Current entry expanded to new entries on the |
958 | ++ * active list; discard the progenitor pattern. |
959 | ++ */ |
960 | ++ free(cp); |
961 | ++ continue; |
962 | ++ } |
963 | ++ /* |
964 | ++ * Pattern did not expand; append the finename component to |
965 | ++ * the completed list |
966 | ++ */ |
967 | ++ if ((cp2 = strrchr(cp, '/')) != NULL) |
968 | ++ *cp2++ = '\0'; |
969 | ++ else |
970 | ++ cp2 = cp; |
971 | ++ if (append(xstrdup(cp2), &done, &ndone) != 0) { |
972 | ++ free(cp); |
973 | ++ goto fail; |
974 | ++ } |
975 | ++ free(cp); |
976 | ++ } |
977 | ++ /* success */ |
978 | ++ *patternsp = done; |
979 | ++ *npatternsp = ndone; |
980 | ++ done = NULL; |
981 | ++ ndone = 0; |
982 | ++ ret = 0; |
983 | ++ fail: |
984 | ++ for (i = 0; i < nactive; i++) |
985 | ++ free(active[i]); |
986 | ++ free(active); |
987 | ++ for (i = 0; i < ndone; i++) |
988 | ++ free(done[i]); |
989 | ++ free(done); |
990 | ++ return ret; |
991 | ++} |
992 | ++ |
993 | + void |
994 | + toremote(char *targ, int argc, char **argv) |
995 | + { |
996 | +@@ -959,7 +1206,8 @@ sink(int argc, char **argv, const char * |
997 | + unsigned long long ull; |
998 | + int setimes, targisdir, wrerrno = 0; |
999 | + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; |
1000 | +- char *src_copy = NULL, *restrict_pattern = NULL; |
1001 | ++ char **patterns = NULL; |
1002 | ++ size_t n, npatterns = 0; |
1003 | + struct timeval tv[2]; |
1004 | + |
1005 | + #define atime tv[0] |
1006 | +@@ -989,16 +1237,13 @@ sink(int argc, char **argv, const char * |
1007 | + * Prepare to try to restrict incoming filenames to match |
1008 | + * the requested destination file glob. |
1009 | + */ |
1010 | +- if ((src_copy = strdup(src)) == NULL) |
1011 | +- fatal("strdup failed"); |
1012 | +- if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { |
1013 | +- *restrict_pattern++ = '\0'; |
1014 | +- } |
1015 | ++ if (brace_expand(src, &patterns, &npatterns) != 0) |
1016 | ++ fatal("%s: could not expand pattern", __func__); |
1017 | + } |
1018 | + for (first = 1;; first = 0) { |
1019 | + cp = buf; |
1020 | + if (atomicio(read, remin, cp, 1) != 1) |
1021 | +- return; |
1022 | ++ goto done; |
1023 | + if (*cp++ == '\n') |
1024 | + SCREWUP("unexpected <newline>"); |
1025 | + do { |
1026 | +@@ -1024,7 +1269,7 @@ sink(int argc, char **argv, const char * |
1027 | + } |
1028 | + if (buf[0] == 'E') { |
1029 | + (void) atomicio(vwrite, remout, "", 1); |
1030 | +- return; |
1031 | ++ goto done; |
1032 | + } |
1033 | + if (ch == '\n') |
1034 | + *--cp = 0; |
1035 | +@@ -1097,9 +1342,14 @@ sink(int argc, char **argv, const char * |
1036 | + run_err("error: unexpected filename: %s", cp); |
1037 | + exit(1); |
1038 | + } |
1039 | +- if (restrict_pattern != NULL && |
1040 | +- fnmatch(restrict_pattern, cp, 0) != 0) |
1041 | +- SCREWUP("filename does not match request"); |
1042 | ++ if (npatterns > 0) { |
1043 | ++ for (n = 0; n < npatterns; n++) { |
1044 | ++ if (fnmatch(patterns[n], cp, 0) == 0) |
1045 | ++ break; |
1046 | ++ } |
1047 | ++ if (n >= npatterns) |
1048 | ++ SCREWUP("filename does not match request"); |
1049 | ++ } |
1050 | + if (targisdir) { |
1051 | + static char *namebuf; |
1052 | + static size_t cursize; |
1053 | +@@ -1258,7 +1508,15 @@ bad: run_err("%s: %s", np, strerror(er |
1054 | + break; |
1055 | + } |
1056 | + } |
1057 | ++done: |
1058 | ++ for (n = 0; n < npatterns; n++) |
1059 | ++ free(patterns[n]); |
1060 | ++ free(patterns); |
1061 | ++ return; |
1062 | + screwup: |
1063 | ++ for (n = 0; n < npatterns; n++) |
1064 | ++ free(patterns[n]); |
1065 | ++ free(patterns); |
1066 | + run_err("protocol error: %s", why); |
1067 | + exit(1); |
1068 | + } |
1069 | diff --git a/debian/patches/CVE-2019-6111.patch b/debian/patches/CVE-2019-6111.patch |
1070 | new file mode 100644 |
1071 | index 0000000..72b8bde |
1072 | --- /dev/null |
1073 | +++ b/debian/patches/CVE-2019-6111.patch |
1074 | @@ -0,0 +1,182 @@ |
1075 | +Backport of: |
1076 | + |
1077 | +From 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc Mon Sep 17 00:00:00 2001 |
1078 | +From: "djm@openbsd.org" <djm@openbsd.org> |
1079 | +Date: Sat, 26 Jan 2019 22:41:28 +0000 |
1080 | +Subject: [PATCH] upstream: check in scp client that filenames sent during |
1081 | + |
1082 | +remote->local directory copies satisfy the wildcard specified by the user. |
1083 | + |
1084 | +This checking provides some protection against a malicious server |
1085 | +sending unexpected filenames, but it comes at a risk of rejecting wanted |
1086 | +files due to differences between client and server wildcard expansion rules. |
1087 | + |
1088 | +For this reason, this also adds a new -T flag to disable the check. |
1089 | + |
1090 | +reported by Harry Sintonen |
1091 | +fix approach suggested by markus@; |
1092 | +has been in snaps for ~1wk courtesy deraadt@ |
1093 | + |
1094 | +OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda |
1095 | +--- |
1096 | + scp.1 | 16 +++++++++++++--- |
1097 | + scp.c | 39 ++++++++++++++++++++++++++++++--------- |
1098 | + 2 files changed, 43 insertions(+), 12 deletions(-) |
1099 | + |
1100 | +Index: openssh-7.6p1/scp.1 |
1101 | +=================================================================== |
1102 | +--- openssh-7.6p1.orig/scp.1 2019-01-31 08:57:08.113664456 -0500 |
1103 | ++++ openssh-7.6p1/scp.1 2019-01-31 08:57:44.625749147 -0500 |
1104 | +@@ -19,7 +19,7 @@ |
1105 | + .Sh SYNOPSIS |
1106 | + .Nm scp |
1107 | + .Bk -words |
1108 | +-.Op Fl 346BCpqrv |
1109 | ++.Op Fl 346BCpqrTv |
1110 | + .Op Fl c Ar cipher |
1111 | + .Op Fl F Ar ssh_config |
1112 | + .Op Fl i Ar identity_file |
1113 | +@@ -202,6 +202,16 @@ to use for the encrypted connection. |
1114 | + The program must understand |
1115 | + .Xr ssh 1 |
1116 | + options. |
1117 | ++.It Fl T |
1118 | ++Disable strict filename checking. |
1119 | ++By default when copying files from a remote host to a local directory |
1120 | ++.Nm |
1121 | ++checks that the received filenames match those requested on the command-line |
1122 | ++to prevent the remote end from sending unexpected or unwanted files. |
1123 | ++Because of differences in how various operating systems and shells interpret |
1124 | ++filename wildcards, these checks may cause wanted files to be rejected. |
1125 | ++This option disables these checks at the expense of fully trusting that |
1126 | ++the server will not send unexpected filenames. |
1127 | + .It Fl v |
1128 | + Verbose mode. |
1129 | + Causes |
1130 | +Index: openssh-7.6p1/scp.c |
1131 | +=================================================================== |
1132 | +--- openssh-7.6p1.orig/scp.c 2019-01-31 08:57:08.113664456 -0500 |
1133 | ++++ openssh-7.6p1/scp.c 2019-01-31 08:57:08.109664446 -0500 |
1134 | +@@ -94,6 +94,7 @@ |
1135 | + #include <dirent.h> |
1136 | + #include <errno.h> |
1137 | + #include <fcntl.h> |
1138 | ++#include <fnmatch.h> |
1139 | + #include <limits.h> |
1140 | + #include <locale.h> |
1141 | + #include <pwd.h> |
1142 | +@@ -365,14 +366,14 @@ void verifydir(char *); |
1143 | + struct passwd *pwd; |
1144 | + uid_t userid; |
1145 | + int errs, remin, remout; |
1146 | +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; |
1147 | ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; |
1148 | + |
1149 | + #define CMDNEEDS 64 |
1150 | + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ |
1151 | + |
1152 | + int response(void); |
1153 | + void rsource(char *, struct stat *); |
1154 | +-void sink(int, char *[]); |
1155 | ++void sink(int, char *[], const char *); |
1156 | + void source(int, char *[]); |
1157 | + void tolocal(int, char *[]); |
1158 | + void toremote(char *, int, char *[]); |
1159 | +@@ -409,8 +410,9 @@ main(int argc, char **argv) |
1160 | + addargs(&args, "-oPermitLocalCommand=no"); |
1161 | + addargs(&args, "-oClearAllForwardings=yes"); |
1162 | + |
1163 | +- fflag = tflag = 0; |
1164 | +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) |
1165 | ++ fflag = Tflag = tflag = 0; |
1166 | ++ while ((ch = getopt(argc, argv, |
1167 | ++ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) { |
1168 | + switch (ch) { |
1169 | + /* User-visible flags. */ |
1170 | + case '1': |
1171 | +@@ -490,9 +492,13 @@ main(int argc, char **argv) |
1172 | + setmode(0, O_BINARY); |
1173 | + #endif |
1174 | + break; |
1175 | ++ case 'T': |
1176 | ++ Tflag = 1; |
1177 | ++ break; |
1178 | + default: |
1179 | + usage(); |
1180 | + } |
1181 | ++ } |
1182 | + argc -= optind; |
1183 | + argv += optind; |
1184 | + |
1185 | +@@ -523,7 +529,7 @@ main(int argc, char **argv) |
1186 | + } |
1187 | + if (tflag) { |
1188 | + /* Receive data. */ |
1189 | +- sink(argc, argv); |
1190 | ++ sink(argc, argv, NULL); |
1191 | + exit(errs != 0); |
1192 | + } |
1193 | + if (argc < 2) |
1194 | +@@ -763,7 +769,7 @@ tolocal(int argc, char **argv) |
1195 | + continue; |
1196 | + } |
1197 | + free(bp); |
1198 | +- sink(1, argv + argc - 1); |
1199 | ++ sink(1, argv + argc - 1, src); |
1200 | + (void) close(remin); |
1201 | + remin = remout = -1; |
1202 | + } |
1203 | +@@ -936,7 +942,7 @@ rsource(char *name, struct stat *statp) |
1204 | + (sizeof(type) != 4 && sizeof(type) != 8)) |
1205 | + |
1206 | + void |
1207 | +-sink(int argc, char **argv) |
1208 | ++sink(int argc, char **argv, const char *src) |
1209 | + { |
1210 | + static BUF buffer; |
1211 | + struct stat stb; |
1212 | +@@ -952,6 +958,7 @@ sink(int argc, char **argv) |
1213 | + unsigned long long ull; |
1214 | + int setimes, targisdir, wrerrno = 0; |
1215 | + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; |
1216 | ++ char *src_copy = NULL, *restrict_pattern = NULL; |
1217 | + struct timeval tv[2]; |
1218 | + |
1219 | + #define atime tv[0] |
1220 | +@@ -976,6 +983,17 @@ sink(int argc, char **argv) |
1221 | + (void) atomicio(vwrite, remout, "", 1); |
1222 | + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) |
1223 | + targisdir = 1; |
1224 | ++ if (src != NULL && !iamrecursive && !Tflag) { |
1225 | ++ /* |
1226 | ++ * Prepare to try to restrict incoming filenames to match |
1227 | ++ * the requested destination file glob. |
1228 | ++ */ |
1229 | ++ if ((src_copy = strdup(src)) == NULL) |
1230 | ++ fatal("strdup failed"); |
1231 | ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { |
1232 | ++ *restrict_pattern++ = '\0'; |
1233 | ++ } |
1234 | ++ } |
1235 | + for (first = 1;; first = 0) { |
1236 | + cp = buf; |
1237 | + if (atomicio(read, remin, cp, 1) != 1) |
1238 | +@@ -1078,6 +1096,9 @@ sink(int argc, char **argv) |
1239 | + run_err("error: unexpected filename: %s", cp); |
1240 | + exit(1); |
1241 | + } |
1242 | ++ if (restrict_pattern != NULL && |
1243 | ++ fnmatch(restrict_pattern, cp, 0) != 0) |
1244 | ++ SCREWUP("filename does not match request"); |
1245 | + if (targisdir) { |
1246 | + static char *namebuf; |
1247 | + static size_t cursize; |
1248 | +@@ -1115,7 +1136,7 @@ sink(int argc, char **argv) |
1249 | + goto bad; |
1250 | + } |
1251 | + vect[0] = xstrdup(np); |
1252 | +- sink(1, vect); |
1253 | ++ sink(1, vect, src); |
1254 | + if (setimes) { |
1255 | + setimes = 0; |
1256 | + if (utimes(vect[0], tv) < 0) |
1257 | diff --git a/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch b/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch |
1258 | new file mode 100644 |
1259 | index 0000000..5f9fc47 |
1260 | --- /dev/null |
1261 | +++ b/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch |
1262 | @@ -0,0 +1,31 @@ |
1263 | +From c9c1bba06ad1c7cad8548549a68c071bd807af60 Mon Sep 17 00:00:00 2001 |
1264 | +From: "stsp@openbsd.org" <stsp@openbsd.org> |
1265 | +Date: Tue, 23 Jan 2018 20:00:58 +0000 |
1266 | +Subject: [PATCH] upstream commit |
1267 | + |
1268 | +Fix a logic bug in sshd_exchange_identification which |
1269 | +prevented clients using major protocol version 2 from connecting to the |
1270 | +server. ok millert@ |
1271 | + |
1272 | +OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 |
1273 | + |
1274 | +Backport-Note: dropped the no-op file header change |
1275 | +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=c9c1bba06 |
1276 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1863930 |
1277 | +Last-Update: 2020-03-03 |
1278 | + |
1279 | +--- |
1280 | + sshd.c | 4 ++-- |
1281 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
1282 | + |
1283 | +--- a/sshd.c |
1284 | ++++ b/sshd.c |
1285 | +@@ -465,7 +465,7 @@ sshd_exchange_identification(struct ssh |
1286 | + chop(server_version_string); |
1287 | + debug("Local version string %.200s", server_version_string); |
1288 | + |
1289 | +- if (remote_major != 2 || |
1290 | ++ if (remote_major != 2 && |
1291 | + !(remote_major == 1 && remote_minor == 99)) { |
1292 | + s = "Protocol major versions differ.\n"; |
1293 | + (void) atomicio(vwrite, sock_out, s, strlen(s)); |
1294 | diff --git a/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch b/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch |
1295 | new file mode 100644 |
1296 | index 0000000..dbb035d |
1297 | --- /dev/null |
1298 | +++ b/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch |
1299 | @@ -0,0 +1,31 @@ |
1300 | +From 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec Mon Sep 17 00:00:00 2001 |
1301 | +From: "djm@openbsd.org" <djm@openbsd.org> |
1302 | +Date: Tue, 23 Jan 2018 05:12:12 +0000 |
1303 | +Subject: [PATCH] upstream commit |
1304 | + |
1305 | +unbreak support for clients that advertise a protocol |
1306 | +version of "1.99" (indicating both v2 and v1 support). Busted by me during |
1307 | +SSHv1 purge in r1.358; bz2810, ok dtucker |
1308 | + |
1309 | +OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b |
1310 | + |
1311 | +Backport-Note: dropped the no-op file header change |
1312 | +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=9e9c4a7e5 |
1313 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1863930 |
1314 | +Last-Update: 2020-03-03 |
1315 | + |
1316 | +--- |
1317 | + sshd.c | 4 ++-- |
1318 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
1319 | + |
1320 | +--- a/sshd.c |
1321 | ++++ b/sshd.c |
1322 | +@@ -466,7 +466,7 @@ sshd_exchange_identification(struct ssh |
1323 | + debug("Local version string %.200s", server_version_string); |
1324 | + |
1325 | + if (remote_major != 2 || |
1326 | +- (remote_major == 1 && remote_minor != 99)) { |
1327 | ++ !(remote_major == 1 && remote_minor == 99)) { |
1328 | + s = "Protocol major versions differ.\n"; |
1329 | + (void) atomicio(vwrite, sock_out, s, strlen(s)); |
1330 | + close(sock_in); |
1331 | diff --git a/debian/patches/regress-2020.patch b/debian/patches/regress-2020.patch |
1332 | new file mode 100644 |
1333 | index 0000000..b46e0df |
1334 | --- /dev/null |
1335 | +++ b/debian/patches/regress-2020.patch |
1336 | @@ -0,0 +1,44 @@ |
1337 | +From df3ad29af495185aa9b051028ae94b965a4b1659 Mon Sep 17 00:00:00 2001 |
1338 | +From: "djm@openbsd.org" <djm@openbsd.org> |
1339 | +Date: Fri, 3 Jan 2020 03:02:26 +0000 |
1340 | +Subject: upstream: what bozo decided to use 2020 as a future date in a regress |
1341 | + |
1342 | +test? |
1343 | + |
1344 | +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a |
1345 | + |
1346 | +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381 |
1347 | +Last-Update: 2020-01-09 |
1348 | + |
1349 | +Patch-Name: regress-2020.patch |
1350 | +--- |
1351 | + regress/cert-hostkey.sh | 2 +- |
1352 | + regress/cert-userkey.sh | 2 +- |
1353 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
1354 | + |
1355 | +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh |
1356 | +index 86ea62504..844adabcc 100644 |
1357 | +--- a/regress/cert-hostkey.sh |
1358 | ++++ b/regress/cert-hostkey.sh |
1359 | +@@ -252,7 +252,7 @@ test_one() { |
1360 | + test_one "user-certificate" failure "-n $HOSTS" |
1361 | + test_one "empty principals" success "-h" |
1362 | + test_one "wrong principals" failure "-h -n foo" |
1363 | +-test_one "cert not yet valid" failure "-h -V20200101:20300101" |
1364 | ++test_one "cert not yet valid" failure "-h -V20300101:20320101" |
1365 | + test_one "cert expired" failure "-h -V19800101:19900101" |
1366 | + test_one "cert valid interval" success "-h -V-1w:+2w" |
1367 | + test_one "cert has constraints" failure "-h -Oforce-command=false" |
1368 | +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh |
1369 | +index 38c14a698..5cd02fc3f 100644 |
1370 | +--- a/regress/cert-userkey.sh |
1371 | ++++ b/regress/cert-userkey.sh |
1372 | +@@ -338,7 +338,7 @@ test_one() { |
1373 | + test_one "correct principal" success "-n ${USER}" |
1374 | + test_one "host-certificate" failure "-n ${USER} -h" |
1375 | + test_one "wrong principals" failure "-n foo" |
1376 | +-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" |
1377 | ++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101" |
1378 | + test_one "cert expired" failure "-n ${USER} -V19800101:19900101" |
1379 | + test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" |
1380 | + test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" |
1381 | diff --git a/debian/patches/series b/debian/patches/series |
1382 | index 580b919..d8dd5ae 100644 |
1383 | --- a/debian/patches/series |
1384 | +++ b/debian/patches/series |
1385 | @@ -21,8 +21,26 @@ gnome-ssh-askpass2-icon.patch |
1386 | systemd-readiness.patch |
1387 | debian-config.patch |
1388 | restore-authorized_keys2.patch |
1389 | +<<<<<<< debian/patches/series |
1390 | revert-ipqos-defaults.patch |
1391 | maxhostnamelen.patch |
1392 | conch-ssh-rsa.patch |
1393 | improve-zero-call-used-regs-detection.patch |
1394 | sandbox-ppoll_time64.patch |
1395 | +======= |
1396 | +seccomp-s390-flock-ipc.patch |
1397 | +seccomp-getuid-geteuid.patch |
1398 | +seccomp-s390-ioctl-ep11-crypto.patch |
1399 | +permitopen-argument-handling.patch |
1400 | +fix-regress-putty-transfer.patch |
1401 | +CVE-2018-15473.patch |
1402 | +CVE-2018-20685.patch |
1403 | +CVE-2019-6111.patch |
1404 | +CVE-2019-6109-1.patch |
1405 | +CVE-2019-6109-2.patch |
1406 | +CVE-2019-6111-2.patch |
1407 | +regress-2020.patch |
1408 | +lp-1863930-unbreak-clients-that-advertise-protocol.patch |
1409 | +lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch |
1410 | +0001-upstream-preserve-group-world-read-permission-on-kno.patch |
1411 | +>>>>>>> debian/patches/series |