Merge ~sergiodj/ubuntu/+source/openssh:lp1966591-ssh-keygen-permission-bionic into ubuntu/+source/openssh:ubuntu/devel
Status: Superseded
Proposed branch: ~sergiodj/ubuntu/+source/openssh:lp1966591-ssh-keygen-permission-bionic
Merge into: ubuntu/+source/openssh:ubuntu/devel
Diff against target: 1411 lines (+1309/-0) (has conflicts), 13 files modified
- debian/changelog (+75/-0)
- debian/control (+8/-0)
- debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch (+46/-0)
- debian/patches/CVE-2018-15473.patch (+138/-0)
- debian/patches/CVE-2018-20685.patch (+29/-0)
- debian/patches/CVE-2019-6109-1.patch (+253/-0)
- debian/patches/CVE-2019-6109-2.patch (+106/-0)
- debian/patches/CVE-2019-6111-2.patch (+348/-0)
- debian/patches/CVE-2019-6111.patch (+182/-0)
- debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch (+31/-0)
- debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch (+31/-0)
- debian/patches/regress-2020.patch (+44/-0)
- debian/patches/series (+18/-0)
Conflict in debian/changelog
Conflict in debian/control
Conflict in debian/patches/series
Related bugs:

Reviewer | Review Type | Date Requested | Status
---|---|---|---
Canonical Server packageset reviewers | | | Pending
Canonical Server | | | Pending

Review via email: mp+418099@code.launchpad.net
Commit message
Description of the change
This MP fixes bug #1966591 on Bionic.
From the SRU template:
When using "ssh-keygen -R" to remove a host from "known_hosts" the command changes permissions on the file. This can cause problems particularly when used on the global "known_hosts" file (/etc/ssh/
This bug has been fixed upstream (https:/
The idea is to do a single SRU upload with this MP plus Athos' changes to fix bug #1903516.
There is a PPA with the proposed change here:
https:/
autopkgtest is still running, but I don't expect any problems. I'll post the results when they're done.
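To make the permission problem concrete, here is an added example (not code from this merge proposal or from OpenSSH) that reproduces the mkstemp()+rename() rewrite pattern behind "ssh-keygen -R" and applies the same `fchmod(fd, sb.st_mode & 0644)` that the backported patch adds; the `rewrite_in_place`/`resulting_mode` helpers and the sample known_hosts line are this example's own constructions, and it assumes a POSIX system with a writable /tmp.

```c
/* Added example: why a mkstemp()+rename() rewrite drops group/world read
 * permission, and how stat() + fchmod(fd, st_mode & 0644) preserves it.
 * Helper names are this example's own; the 0644 mask comes from the patch. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rewrite `path` in place the way do_known_hosts() does: write to a
 * mkstemp() temporary in the same directory, then rename() it over the
 * original. With preserve_mode set, apply the fix from the patch.
 * Returns 0 on success, -1 on error. */
int rewrite_in_place(const char *path, const char *contents, int preserve_mode)
{
    struct stat sb;
    char tmp[4096];
    int fd;

    /* The patch stat()s the original first (fatal if it fails). */
    if (preserve_mode && stat(path, &sb) != 0)
        return -1;

    snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
    if ((fd = mkstemp(tmp)) == -1)   /* mkstemp() always creates mode 0600 */
        return -1;

    /* The fix: keep owner rw and group/other read, never anything more.
     * Unlike the patch, this example checks the return value. */
    if (preserve_mode && fchmod(fd, sb.st_mode & 0644) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }

    size_t len = strlen(contents);
    if (write(fd, contents, len) != (ssize_t)len || close(fd) != 0) {
        unlink(tmp);
        return -1;
    }
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Permission bits (st_mode & 07777) of `path`, or -1 on error. */
int mode_of(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -1;
    return (int)(sb.st_mode & 07777);
}

/* Create a constructed known_hosts file with the given mode in a fresh
 * mkdtemp() directory, rewrite it with or without the fix, and return the
 * resulting permission bits. Cleans up after itself. */
int resulting_mode(mode_t mode, int preserve_mode)
{
    char dir[] = "/tmp/kh-demo.XXXXXX";
    char path[4096];
    int result = -1;
    /* Constructed sample line; not a real host key. */
    const char *sample = "example.invalid ssh-ed25519 AAAA-constructed-sample-key\n";

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/known_hosts", dir);

    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1)
        goto out;
    close(fd);
    if (chmod(path, mode) != 0)      /* explicit chmod sidesteps the umask */
        goto out;

    if (rewrite_in_place(path, sample, preserve_mode) == 0)
        result = mode_of(path);
out:
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("0644 known_hosts, old behaviour: %04o\n", resulting_mode(0644, 0)); /* 0600 */
    printf("0644 known_hosts, with fix:      %04o\n", resulting_mode(0644, 1)); /* 0644 */
    printf("0666 known_hosts, with fix:      %04o\n", resulting_mode(0666, 1)); /* 0644 */
    return 0;
}
```

The third case shows the side effect of the `& 0644` mask: stray group/other write bits on the original are tightened to 0644 rather than reproduced.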
Unmerged commits
- 80f1bdb... by Sergio Durigan Junior
  changelog for 1:7.6p1-4ubuntu0.7
- 828e903... by Sergio Durigan Junior
  * d/p/0001-upstream-preserve-group-world-read-permission-on-kno.patch:
    Preserve group/world read permissions on known_hosts. (LP: #1966591)
- 5488a2a... by Christian Ehrhardt
  1:7.6p1-4ubuntu0.6 (patches unapplied)
  Imported using git-ubuntu import.
- f271687... by Marc Deslauriers
  1:7.6p1-4ubuntu0.5 (patches unapplied)
  Imported using git-ubuntu import.
- 18afe7e... by Dimitri John Ledkov
  1:7.6p1-4ubuntu0.4 (patches unapplied)
  Imported using git-ubuntu import.
- 4ac6e76... by Marc Deslauriers
  1:7.6p1-4ubuntu0.3 (patches unapplied)
  Imported using git-ubuntu import.
- 844c653... by Marc Deslauriers
  1:7.6p1-4ubuntu0.2 (patches unapplied)
  Imported using git-ubuntu import.
- 95749f1... by Leonidas S. Barbosa
  1:7.6p1-4ubuntu0.1 (patches unapplied)
  Imported using git-ubuntu import.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 9d6fadc..22a71c9 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,4 @@ | |||
6 | 1 | <<<<<<< debian/changelog | ||
7 | 1 | openssh (1:8.9p1-3) unstable; urgency=medium | 2 | openssh (1:8.9p1-3) unstable; urgency=medium |
8 | 2 | 3 | ||
9 | 3 | * Allow ppoll_time64 in seccomp filter (closes: #1006445). | 4 | * Allow ppoll_time64 in seccomp filter (closes: #1006445). |
10 | @@ -1532,6 +1533,80 @@ openssh (1:7.6p1-5) unstable; urgency=medium | |||
11 | 1532 | #894558). | 1533 | #894558). |
12 | 1533 | 1534 | ||
13 | 1534 | -- Colin Watson <cjwatson@debian.org> Sun, 01 Apr 2018 21:37:19 +0100 | 1535 | -- Colin Watson <cjwatson@debian.org> Sun, 01 Apr 2018 21:37:19 +0100 |
14 | 1536 | ======= | ||
15 | 1537 | openssh (1:7.6p1-4ubuntu0.7) bionic; urgency=medium | ||
16 | 1538 | |||
17 | 1539 | * d/p/0001-upstream-preserve-group-world-read-permission-on-kno.patch: | ||
18 | 1540 | Preserve group/world read permissions on known_hosts. (LP: #1966591) | ||
19 | 1541 | |||
20 | 1542 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 30 Mar 2022 19:04:23 -0400 | ||
21 | 1543 | |||
22 | 1544 | openssh (1:7.6p1-4ubuntu0.6) bionic; urgency=medium | ||
23 | 1545 | |||
24 | 1546 | * fix clients advertising version 1.99 (LP: #1863930) | ||
25 | 1547 | - d/p/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch | ||
26 | 1548 | - d/p/lp-1863930-unbreak-clients-that-advertise-protocol.patch | ||
27 | 1549 | |||
28 | 1550 | -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Mar 2020 07:47:02 +0100 | ||
29 | 1551 | |||
30 | 1552 | openssh (1:7.6p1-4ubuntu0.5) bionic-security; urgency=medium | ||
31 | 1553 | |||
32 | 1554 | * SECURITY REGRESSION: User enumeration issue (LP: #1934501) | ||
33 | 1555 | - debian/patches/CVE-2018-15473.patch: updated to fix bad patch | ||
34 | 1556 | backport. | ||
35 | 1557 | |||
36 | 1558 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 11 Aug 2021 14:02:09 -0400 | ||
37 | 1559 | |||
38 | 1560 | openssh (1:7.6p1-4ubuntu0.4) bionic; urgency=medium | ||
39 | 1561 | |||
40 | 1562 | * Apply upstream patch to stop using 2020 as a future date in regress | ||
41 | 1563 | tests. LP: #1859013 | ||
42 | 1564 | |||
43 | 1565 | -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 10 Jan 2020 00:00:50 +0000 | ||
44 | 1566 | |||
45 | 1567 | openssh (1:7.6p1-4ubuntu0.3) bionic-security; urgency=medium | ||
46 | 1568 | |||
47 | 1569 | * SECURITY UPDATE: Incomplete fix for CVE-2019-6111 | ||
48 | 1570 | - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename | ||
49 | 1571 | check in scp.c. | ||
50 | 1572 | - CVE-2019-6111 | ||
51 | 1573 | * Fixed inverted CVE numbers in patch filenames and in previous | ||
52 | 1574 | changelog. | ||
53 | 1575 | |||
54 | 1576 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 04 Mar 2019 07:17:51 -0500 | ||
55 | 1577 | |||
56 | 1578 | openssh (1:7.6p1-4ubuntu0.2) bionic-security; urgency=medium | ||
57 | 1579 | |||
58 | 1580 | * SECURITY UPDATE: access restrictions bypass in scp | ||
59 | 1581 | - debian/patches/CVE-2018-20685.patch: disallow empty filenames | ||
60 | 1582 | or ones that refer to the current directory in scp.c. | ||
61 | 1583 | - CVE-2018-20685 | ||
62 | 1584 | * SECURITY UPDATE: scp client spoofing via object name | ||
63 | 1585 | - debian/patches/CVE-2019-6111.patch: make sure the filenames match | ||
64 | 1586 | the wildcard specified by the user, and add new flag to relax the new | ||
65 | 1587 | restrictions in scp.c, scp.1. | ||
66 | 1588 | - CVE-2019-6111 | ||
67 | 1589 | * SECURITY UPDATE: scp client missing received object name validation | ||
68 | 1590 | - debian/patches/CVE-2019-6109-1.patch: sanitize scp filenames via | ||
69 | 1591 | snmprintf in atomicio.c, progressmeter.c, progressmeter.h, | ||
70 | 1592 | scp.c, sftp-client.c. | ||
71 | 1593 | - debian/patches/CVE-2019-6109-2.patch: force progressmeter updates in | ||
72 | 1594 | progressmeter.c, progressmeter.h, scp.c, sftp-client.c. | ||
73 | 1595 | - CVE-2019-6109 | ||
74 | 1596 | |||
75 | 1597 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 31 Jan 2019 08:58:34 -0500 | ||
76 | 1598 | |||
77 | 1599 | openssh (1:7.6p1-4ubuntu0.1) bionic-security; urgency=medium | ||
78 | 1600 | |||
79 | 1601 | [ Ryan Finnie ] | ||
80 | 1602 | * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629) | ||
81 | 1603 | - debian/patches/CVE-2018-15473.patch: delay bailout for invalid | ||
82 | 1604 | authenticating user until after the packet containing the request | ||
83 | 1605 | has been fully parsed. | ||
84 | 1606 | - CVE-2018-15473 | ||
85 | 1607 | |||
86 | 1608 | -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 05 Nov 2018 08:51:29 -0300 | ||
87 | 1609 | >>>>>>> debian/changelog | ||
88 | 1535 | 1610 | ||
89 | 1536 | openssh (1:7.6p1-4) unstable; urgency=medium | 1611 | openssh (1:7.6p1-4) unstable; urgency=medium |
90 | 1537 | 1612 | ||
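Review bot: the changelog hunk carries unresolved conflict markers (`<<<<<<< debian/changelog` through `>>>>>>> debian/changelog`), so this diff cannot be applied to ubuntu/devel as it stands. The branch name, the `bionic` distribution in the new `openssh (1:7.6p1-4ubuntu0.7) bionic; urgency=medium` entry and the description ("fixes bug #1966591 on Bionic") all point at the bionic packaging, so the proposal should target the bionic branch rather than ubuntu/devel; against the right base the diff should reduce to the new patch plus the changelog and series entries, which is what the Superseded status suggests happened.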
91 | diff --git a/debian/control b/debian/control | |||
92 | index f9dc5f7..98035fb 100644 | |||
93 | --- a/debian/control | |||
94 | +++ b/debian/control | |||
95 | @@ -1,9 +1,17 @@ | |||
96 | 1 | Source: openssh | 1 | Source: openssh |
97 | 2 | Section: net | 2 | Section: net |
98 | 3 | Priority: standard | 3 | Priority: standard |
99 | 4 | <<<<<<< debian/control | ||
100 | 4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | 5 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
101 | 5 | Build-Depends: debhelper (>= 13.1~), | 6 | Build-Depends: debhelper (>= 13.1~), |
102 | 6 | debhelper-compat (= 13), | 7 | debhelper-compat (= 13), |
103 | 8 | ======= | ||
104 | 9 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> | ||
105 | 10 | XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | ||
106 | 11 | Build-Depends: autotools-dev, | ||
107 | 12 | debhelper (>= 9.20160709~), | ||
108 | 13 | dh-autoreconf, | ||
109 | 14 | >>>>>>> debian/control | ||
110 | 7 | dh-exec, | 15 | dh-exec, |
111 | 8 | dh-runit (>= 2.8.8), | 16 | dh-runit (>= 2.8.8), |
112 | 9 | dpkg-dev (>= 1.16.1~), | 17 | dpkg-dev (>= 1.16.1~), |
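Review bot: the same conflict appears in debian/control: the `=======` side carries bionic's `Maintainer: Ubuntu Developers`, `XSBC-Original-Maintainer` and `Build-Depends: autotools-dev, debhelper (>= 9.20160709~), dh-autoreconf` against devel's `debhelper (>= 13.1~)` / `debhelper-compat (= 13)`. Nothing in this hunk is part of the intended change; retargeting the proposal to the bionic branch removes it.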
113 | diff --git a/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch b/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch | |||
114 | 10 | new file mode 100644 | 18 | new file mode 100644 |
115 | index 0000000..433ebfb | |||
116 | --- /dev/null | |||
117 | +++ b/debian/patches/0001-upstream-preserve-group-world-read-permission-on-kno.patch | |||
118 | @@ -0,0 +1,46 @@ | |||
119 | 1 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
120 | 2 | Date: Wed, 13 May 2020 09:55:57 +0000 | ||
121 | 3 | Subject: upstream: preserve group/world read permission on known_hosts | ||
122 | 4 | |||
123 | 5 | file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove | ||
124 | 6 | all rights for group/other. bz#3146 ok dtucker@ | ||
125 | 7 | |||
126 | 8 | OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a | ||
127 | 9 | |||
128 | 10 | Origin: backport, https://github.com/openssh/openssh-portable/commit/f2d84f1b3fa68d77c99238d4c645d0266fae2a74 | ||
129 | 11 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3146 | ||
130 | 12 | Bug-Ubuntu: https://bugs.launchpad.net/openssh/+bug/1966591 | ||
131 | 13 | Applied-Upstream: 8.4 | ||
132 | 14 | --- | ||
133 | 15 | ssh-keygen.c | 4 ++++ | ||
134 | 16 | 1 file changed, 4 insertions(+) | ||
135 | 17 | |||
136 | 18 | diff --git a/ssh-keygen.c b/ssh-keygen.c | ||
137 | 19 | index 835f7d0..bfc5233 100644 | ||
138 | 20 | --- a/ssh-keygen.c | ||
139 | 21 | +++ b/ssh-keygen.c | ||
140 | 22 | @@ -1235,6 +1235,7 @@ do_known_hosts(struct passwd *pw, const char *name) | ||
141 | 23 | int r, fd, oerrno, inplace = 0; | ||
142 | 24 | struct known_hosts_ctx ctx; | ||
143 | 25 | u_int foreach_options; | ||
144 | 26 | + struct stat sb; | ||
145 | 27 | |||
146 | 28 | if (!have_identity) { | ||
147 | 29 | cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); | ||
148 | 30 | @@ -1244,6 +1245,8 @@ do_known_hosts(struct passwd *pw, const char *name) | ||
149 | 31 | free(cp); | ||
150 | 32 | have_identity = 1; | ||
151 | 33 | } | ||
152 | 34 | + if (stat(identity_file, &sb) != 0) | ||
153 | 35 | + fatal("Cannot stat %s: %s", identity_file, strerror(errno)); | ||
154 | 36 | |||
155 | 37 | memset(&ctx, 0, sizeof(ctx)); | ||
156 | 38 | ctx.out = stdout; | ||
157 | 39 | @@ -1267,6 +1270,7 @@ do_known_hosts(struct passwd *pw, const char *name) | ||
158 | 40 | unlink(tmp); | ||
159 | 41 | fatal("fdopen: %s", strerror(oerrno)); | ||
160 | 42 | } | ||
161 | 43 | + fchmod(fd, sb.st_mode & 0644); | ||
162 | 44 | inplace = 1; | ||
163 | 45 | } | ||
164 | 46 | |||
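Review bot: `fchmod(fd, sb.st_mode & 0644);` in the third hunk discards its return value, so if fchmod() fails the temporary file silently keeps mkstemp()'s 0600 and the original bug reappears. Since this is a direct backport of upstream f2d84f1b3fa68d77c99238d4c645d0266fae2a74 (Applied-Upstream: 8.4) keeping upstream's form is defensible, but `if (fchmod(fd, sb.st_mode & 0644) != 0) fatal(...)`, or at least a warning, would be safer. The `& 0644` mask is the right property to keep: only owner read/write and group/other read survive, so a known_hosts with stray group/other write bits is tightened to 0644 rather than reproduced. Note also that the new `stat()` in the second hunk makes a missing known_hosts a fatal "Cannot stat" error before anything is opened; that is a small behaviour change worth covering in the SRU test plan. The DEP-3 headers (Origin, Bug, Bug-Ubuntu, Applied-Upstream) are complete.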
165 | diff --git a/debian/patches/CVE-2018-15473.patch b/debian/patches/CVE-2018-15473.patch | |||
166 | 0 | new file mode 100644 | 47 | new file mode 100644 |
167 | index 0000000..f439e37 | |||
168 | --- /dev/null | |||
169 | +++ b/debian/patches/CVE-2018-15473.patch | |||
170 | @@ -0,0 +1,138 @@ | |||
171 | 1 | Updated: 2021-08-11 | ||
172 | 2 | Backport of: | ||
173 | 3 | |||
174 | 4 | From 779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 Mon Sep 17 00:00:00 2001 | ||
175 | 5 | From: djm <djm@openbsd.org> | ||
176 | 6 | Date: Tue, 31 Jul 2018 03:10:27 +0000 | ||
177 | 7 | Subject: [PATCH] =?UTF-8?q?delay=20bailout=20for=20invalid=20authenticatin?= | ||
178 | 8 | =?UTF-8?q?g=20user=20until=20after=20the=20packet=20containing=20the=20re?= | ||
179 | 9 | =?UTF-8?q?quest=20has=20been=20fully=20parsed.=20Reported=20by=20Dariusz?= | ||
180 | 10 | =?UTF-8?q?=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= | ||
181 | 11 | MIME-Version: 1.0 | ||
182 | 12 | Content-Type: text/plain; charset=UTF-8 | ||
183 | 13 | Content-Transfer-Encoding: 8bit | ||
184 | 14 | |||
185 | 15 | delay bailout for invalid authenticating user until after the packet | ||
186 | 16 | containing the request has been fully parsed. | ||
187 | 17 | |||
188 | 18 | --- | ||
189 | 19 | auth2-gss.c | 9 ++++++--- | ||
190 | 20 | auth2-hostbased.c | 9 +++++---- | ||
191 | 21 | auth2-pubkey.c | 21 ++++++++++++++------- | ||
192 | 22 | 3 files changed, 25 insertions(+), 14 deletions(-) | ||
193 | 23 | |||
194 | 24 | --- a/auth2-gss.c | ||
195 | 25 | +++ b/auth2-gss.c | ||
196 | 26 | @@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh) | ||
197 | 27 | u_int len; | ||
198 | 28 | u_char *doid = NULL; | ||
199 | 29 | |||
200 | 30 | - if (!authctxt->valid || authctxt->user == NULL) | ||
201 | 31 | - return (0); | ||
202 | 32 | - | ||
203 | 33 | mechs = packet_get_int(); | ||
204 | 34 | if (mechs == 0) { | ||
205 | 35 | debug("Mechanism negotiation is not supported"); | ||
206 | 36 | @@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh) | ||
207 | 37 | return (0); | ||
208 | 38 | } | ||
209 | 39 | |||
210 | 40 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
211 | 41 | + debug2("%s: disabled because of invalid user", __func__); | ||
212 | 42 | + free(doid); | ||
213 | 43 | + return (0); | ||
214 | 44 | + } | ||
215 | 45 | + | ||
216 | 46 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { | ||
217 | 47 | if (ctxt != NULL) | ||
218 | 48 | ssh_gssapi_delete_ctx(&ctxt); | ||
219 | 49 | --- a/auth2-hostbased.c | ||
220 | 50 | +++ b/auth2-hostbased.c | ||
221 | 51 | @@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh) | ||
222 | 52 | size_t alen, blen, slen; | ||
223 | 53 | int r, pktype, authenticated = 0; | ||
224 | 54 | |||
225 | 55 | - if (!authctxt->valid) { | ||
226 | 56 | - debug2("%s: disabled because of invalid user", __func__); | ||
227 | 57 | - return 0; | ||
228 | 58 | - } | ||
229 | 59 | /* XXX use sshkey_froms() */ | ||
230 | 60 | if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || | ||
231 | 61 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || | ||
232 | 62 | @@ -118,6 +114,11 @@ userauth_hostbased(struct ssh *ssh) | ||
233 | 63 | goto done; | ||
234 | 64 | } | ||
235 | 65 | |||
236 | 66 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
237 | 67 | + debug2("%s: disabled because of invalid user", __func__); | ||
238 | 68 | + goto done; | ||
239 | 69 | + } | ||
240 | 70 | + | ||
241 | 71 | service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
242 | 72 | authctxt->service; | ||
243 | 73 | if ((b = sshbuf_new()) == NULL) | ||
244 | 74 | --- a/auth2-pubkey.c | ||
245 | 75 | +++ b/auth2-pubkey.c | ||
246 | 76 | @@ -77,18 +77,14 @@ static int | ||
247 | 77 | userauth_pubkey(struct ssh *ssh) | ||
248 | 78 | { | ||
249 | 79 | Authctxt *authctxt = ssh->authctxt; | ||
250 | 80 | - struct sshbuf *b; | ||
251 | 81 | + struct sshbuf *b = NULL; | ||
252 | 82 | struct sshkey *key = NULL; | ||
253 | 83 | - char *pkalg, *userstyle = NULL, *fp = NULL; | ||
254 | 84 | - u_char *pkblob, *sig, have_sig; | ||
255 | 85 | + char *pkalg = NULL, *userstyle = NULL, *fp = NULL; | ||
256 | 86 | + u_char *pkblob = NULL, *sig = NULL, have_sig; | ||
257 | 87 | size_t blen, slen; | ||
258 | 88 | int r, pktype; | ||
259 | 89 | int authenticated = 0; | ||
260 | 90 | |||
261 | 91 | - if (!authctxt->valid) { | ||
262 | 92 | - debug2("%s: disabled because of invalid user", __func__); | ||
263 | 93 | - return 0; | ||
264 | 94 | - } | ||
265 | 95 | if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) | ||
266 | 96 | fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); | ||
267 | 97 | if (ssh->compat & SSH_BUG_PKAUTH) { | ||
268 | 98 | @@ -166,6 +162,12 @@ userauth_pubkey(struct ssh *ssh) | ||
269 | 99 | fatal("%s: sshbuf_put_string session id: %s", | ||
270 | 100 | __func__, ssh_err(r)); | ||
271 | 101 | } | ||
272 | 102 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
273 | 103 | + debug2("%s: disabled because of invalid user", | ||
274 | 104 | + __func__); | ||
275 | 105 | + sshbuf_free(b); | ||
276 | 106 | + goto done; | ||
277 | 107 | + } | ||
278 | 108 | /* reconstruct packet */ | ||
279 | 109 | xasprintf(&userstyle, "%s%s%s", authctxt->user, | ||
280 | 110 | authctxt->style ? ":" : "", | ||
281 | 111 | @@ -202,7 +204,6 @@ userauth_pubkey(struct ssh *ssh) | ||
282 | 112 | authenticated = 1; | ||
283 | 113 | } | ||
284 | 114 | sshbuf_free(b); | ||
285 | 115 | - free(sig); | ||
286 | 116 | auth2_record_key(authctxt, authenticated, key); | ||
287 | 117 | } else { | ||
288 | 118 | debug("%s: test whether pkalg/pkblob are acceptable for %s %s", | ||
289 | 119 | @@ -210,6 +211,11 @@ userauth_pubkey(struct ssh *ssh) | ||
290 | 120 | if ((r = sshpkt_get_end(ssh)) != 0) | ||
291 | 121 | fatal("%s: %s", __func__, ssh_err(r)); | ||
292 | 122 | |||
293 | 123 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
294 | 124 | + debug2("%s: disabled because of invalid user", | ||
295 | 125 | + __func__); | ||
296 | 126 | + goto done; | ||
297 | 127 | + } | ||
298 | 128 | /* XXX fake reply and always send PK_OK ? */ | ||
299 | 129 | /* | ||
300 | 130 | * XXX this allows testing whether a user is allowed | ||
301 | 131 | @@ -238,6 +244,7 @@ done: | ||
302 | 132 | free(pkalg); | ||
303 | 133 | free(pkblob); | ||
304 | 134 | free(fp); | ||
305 | 135 | + free(sig); | ||
306 | 136 | return authenticated; | ||
307 | 137 | } | ||
308 | 138 | |||
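Review bot: this file, and the other `debian/patches/CVE-*.patch` files below, are not part of the proposed change. They are the bionic-security patches already shipped in 1:7.6p1-4ubuntu0.1 through 1:7.6p1-4ubuntu0.5 per the changelog hunk above and appear as new files only because the diff is taken against ubuntu/devel. For the record, the `Updated: 2021-08-11` header matches the 4ubuntu0.5 entry (LP: #1934501): the invalid-user check is moved after the request packet has been fully parsed in auth2-gss.c, auth2-hostbased.c and auth2-pubkey.c, the pointers in userauth_pubkey() are initialised to NULL, and `free(sig)` moves to the `done:` label so the new early exits do not leak it.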
309 | diff --git a/debian/patches/CVE-2018-20685.patch b/debian/patches/CVE-2018-20685.patch | |||
310 | 0 | new file mode 100644 | 139 | new file mode 100644 |
311 | index 0000000..0c2b94a | |||
312 | --- /dev/null | |||
313 | +++ b/debian/patches/CVE-2018-20685.patch | |||
314 | @@ -0,0 +1,29 @@ | |||
315 | 1 | Backport of: | ||
316 | 2 | |||
317 | 3 | From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 | ||
318 | 4 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
319 | 5 | Date: Fri, 16 Nov 2018 03:03:10 +0000 | ||
320 | 6 | Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer | ||
321 | 7 | to the | ||
322 | 8 | |||
323 | 9 | current directory; based on report/patch from Harry Sintonen | ||
324 | 10 | |||
325 | 11 | OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 | ||
326 | 12 | --- | ||
327 | 13 | scp.c | 5 +++-- | ||
328 | 14 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
329 | 15 | |||
330 | 16 | Index: openssh-7.6p1/scp.c | ||
331 | 17 | =================================================================== | ||
332 | 18 | --- openssh-7.6p1.orig/scp.c 2019-01-31 08:56:55.553635620 -0500 | ||
333 | 19 | +++ openssh-7.6p1/scp.c 2019-01-31 08:56:55.553635620 -0500 | ||
334 | 20 | @@ -1073,7 +1073,8 @@ sink(int argc, char **argv) | ||
335 | 21 | SCREWUP("size out of range"); | ||
336 | 22 | size = (off_t)ull; | ||
337 | 23 | |||
338 | 24 | - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { | ||
339 | 25 | + if (*cp == '\0' || strchr(cp, '/') != NULL || | ||
340 | 26 | + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { | ||
341 | 27 | run_err("error: unexpected filename: %s", cp); | ||
342 | 28 | exit(1); | ||
343 | 29 | } | ||
344 | diff --git a/debian/patches/CVE-2019-6109-1.patch b/debian/patches/CVE-2019-6109-1.patch | |||
345 | 0 | new file mode 100644 | 30 | new file mode 100644 |
346 | index 0000000..7da9698 | |||
347 | --- /dev/null | |||
348 | +++ b/debian/patches/CVE-2019-6109-1.patch | |||
349 | @@ -0,0 +1,253 @@ | |||
350 | 1 | Backport of: | ||
351 | 2 | |||
352 | 3 | From 8976f1c4b2721c26e878151f52bdf346dfe2d54c Mon Sep 17 00:00:00 2001 | ||
353 | 4 | From: "dtucker@openbsd.org" <dtucker@openbsd.org> | ||
354 | 5 | Date: Wed, 23 Jan 2019 08:01:46 +0000 | ||
355 | 6 | Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we | ||
356 | 7 | move | ||
357 | 8 | |||
358 | 9 | the progressmeter formatting outside of signal handler context and have the | ||
359 | 10 | atomicio callback called for EINTR too. bz#2434 with contributions from djm | ||
360 | 11 | and jjelen at redhat.com, ok djm@ | ||
361 | 12 | |||
362 | 13 | OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 | ||
363 | 14 | --- | ||
364 | 15 | atomicio.c | 20 ++++++++++++++----- | ||
365 | 16 | progressmeter.c | 53 ++++++++++++++++++++++--------------------------- | ||
366 | 17 | progressmeter.h | 3 ++- | ||
367 | 18 | scp.c | 3 ++- | ||
368 | 19 | sftp-client.c | 18 +++++++++-------- | ||
369 | 20 | 5 files changed, 53 insertions(+), 44 deletions(-) | ||
370 | 21 | |||
371 | 22 | Index: openssh-7.6p1/atomicio.c | ||
372 | 23 | =================================================================== | ||
373 | 24 | --- openssh-7.6p1.orig/atomicio.c 2019-01-31 08:58:23.885841566 -0500 | ||
374 | 25 | +++ openssh-7.6p1/atomicio.c 2019-01-31 08:58:23.881841557 -0500 | ||
375 | 26 | @@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, siz | ||
376 | 27 | res = (f) (fd, s + pos, n - pos); | ||
377 | 28 | switch (res) { | ||
378 | 29 | case -1: | ||
379 | 30 | - if (errno == EINTR) | ||
380 | 31 | + if (errno == EINTR) { | ||
381 | 32 | + /* possible SIGALARM, update callback */ | ||
382 | 33 | + if (cb != NULL && cb(cb_arg, 0) == -1) { | ||
383 | 34 | + errno = EINTR; | ||
384 | 35 | + return pos; | ||
385 | 36 | + } | ||
386 | 37 | continue; | ||
387 | 38 | - if (errno == EAGAIN || errno == EWOULDBLOCK) { | ||
388 | 39 | + } else if (errno == EAGAIN || errno == EWOULDBLOCK) { | ||
389 | 40 | #ifndef BROKEN_READ_COMPARISON | ||
390 | 41 | (void)poll(&pfd, 1, -1); | ||
391 | 42 | #endif | ||
392 | 43 | @@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const stru | ||
393 | 44 | res = (f) (fd, iov, iovcnt); | ||
394 | 45 | switch (res) { | ||
395 | 46 | case -1: | ||
396 | 47 | - if (errno == EINTR) | ||
397 | 48 | + if (errno == EINTR) { | ||
398 | 49 | + /* possible SIGALARM, update callback */ | ||
399 | 50 | + if (cb != NULL && cb(cb_arg, 0) == -1) { | ||
400 | 51 | + errno = EINTR; | ||
401 | 52 | + return pos; | ||
402 | 53 | + } | ||
403 | 54 | continue; | ||
404 | 55 | - if (errno == EAGAIN || errno == EWOULDBLOCK) { | ||
405 | 56 | + } else if (errno == EAGAIN || errno == EWOULDBLOCK) { | ||
406 | 57 | #ifndef BROKEN_READV_COMPARISON | ||
407 | 58 | (void)poll(&pfd, 1, -1); | ||
408 | 59 | #endif | ||
409 | 60 | Index: openssh-7.6p1/progressmeter.c | ||
410 | 61 | =================================================================== | ||
411 | 62 | --- openssh-7.6p1.orig/progressmeter.c 2019-01-31 08:58:23.885841566 -0500 | ||
412 | 63 | +++ openssh-7.6p1/progressmeter.c 2019-01-31 08:58:23.881841557 -0500 | ||
413 | 64 | @@ -31,6 +31,7 @@ | ||
414 | 65 | |||
415 | 66 | #include <errno.h> | ||
416 | 67 | #include <signal.h> | ||
417 | 68 | +#include <stdarg.h> | ||
418 | 69 | #include <stdio.h> | ||
419 | 70 | #include <string.h> | ||
420 | 71 | #include <time.h> | ||
421 | 72 | @@ -39,6 +40,7 @@ | ||
422 | 73 | #include "progressmeter.h" | ||
423 | 74 | #include "atomicio.h" | ||
424 | 75 | #include "misc.h" | ||
425 | 76 | +#include "utf8.h" | ||
426 | 77 | |||
427 | 78 | #define DEFAULT_WINSIZE 80 | ||
428 | 79 | #define MAX_WINSIZE 512 | ||
429 | 80 | @@ -61,7 +63,7 @@ static void setscreensize(void); | ||
430 | 81 | void refresh_progress_meter(void); | ||
431 | 82 | |||
432 | 83 | /* signal handler for updating the progress meter */ | ||
433 | 84 | -static void update_progress_meter(int); | ||
434 | 85 | +static void sig_alarm(int); | ||
435 | 86 | |||
436 | 87 | static double start; /* start progress */ | ||
437 | 88 | static double last_update; /* last progress update */ | ||
438 | 89 | @@ -74,6 +76,7 @@ static long stalled; /* how long we hav | ||
439 | 90 | static int bytes_per_second; /* current speed in bytes per second */ | ||
440 | 91 | static int win_size; /* terminal window size */ | ||
441 | 92 | static volatile sig_atomic_t win_resized; /* for window resizing */ | ||
442 | 93 | +static volatile sig_atomic_t alarm_fired; | ||
443 | 94 | |||
444 | 95 | /* units for format_size */ | ||
445 | 96 | static const char unit[] = " KMGT"; | ||
446 | 97 | @@ -126,9 +129,17 @@ refresh_progress_meter(void) | ||
447 | 98 | off_t bytes_left; | ||
448 | 99 | int cur_speed; | ||
449 | 100 | int hours, minutes, seconds; | ||
450 | 101 | - int i, len; | ||
451 | 102 | int file_len; | ||
452 | 103 | |||
453 | 104 | + if ((!alarm_fired && !win_resized) || !can_output()) | ||
454 | 105 | + return; | ||
455 | 106 | + alarm_fired = 0; | ||
456 | 107 | + | ||
457 | 108 | + if (win_resized) { | ||
458 | 109 | + setscreensize(); | ||
459 | 110 | + win_resized = 0; | ||
460 | 111 | + } | ||
461 | 112 | + | ||
462 | 113 | transferred = *counter - (cur_pos ? cur_pos : start_pos); | ||
463 | 114 | cur_pos = *counter; | ||
464 | 115 | now = monotime_double(); | ||
465 | 116 | @@ -158,16 +169,11 @@ refresh_progress_meter(void) | ||
466 | 117 | |||
467 | 118 | /* filename */ | ||
468 | 119 | buf[0] = '\0'; | ||
469 | 120 | - file_len = win_size - 35; | ||
470 | 121 | + file_len = win_size - 36; | ||
471 | 122 | if (file_len > 0) { | ||
472 | 123 | - len = snprintf(buf, file_len + 1, "\r%s", file); | ||
473 | 124 | - if (len < 0) | ||
474 | 125 | - len = 0; | ||
475 | 126 | - if (len >= file_len + 1) | ||
476 | 127 | - len = file_len; | ||
477 | 128 | - for (i = len; i < file_len; i++) | ||
478 | 129 | - buf[i] = ' '; | ||
479 | 130 | - buf[file_len] = '\0'; | ||
480 | 131 | + buf[0] = '\r'; | ||
481 | 132 | + snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", | ||
482 | 133 | + file_len * -1, file); | ||
483 | 134 | } | ||
484 | 135 | |||
485 | 136 | /* percent of transfer done */ | ||
486 | 137 | @@ -228,22 +234,11 @@ refresh_progress_meter(void) | ||
487 | 138 | |||
488 | 139 | /*ARGSUSED*/ | ||
489 | 140 | static void | ||
490 | 141 | -update_progress_meter(int ignore) | ||
491 | 142 | +sig_alarm(int ignore) | ||
492 | 143 | { | ||
493 | 144 | - int save_errno; | ||
494 | 145 | - | ||
495 | 146 | - save_errno = errno; | ||
496 | 147 | - | ||
497 | 148 | - if (win_resized) { | ||
498 | 149 | - setscreensize(); | ||
499 | 150 | - win_resized = 0; | ||
500 | 151 | - } | ||
501 | 152 | - if (can_output()) | ||
502 | 153 | - refresh_progress_meter(); | ||
503 | 154 | - | ||
504 | 155 | - signal(SIGALRM, update_progress_meter); | ||
505 | 156 | + signal(SIGALRM, sig_alarm); | ||
506 | 157 | + alarm_fired = 1; | ||
507 | 158 | alarm(UPDATE_INTERVAL); | ||
508 | 159 | - errno = save_errno; | ||
509 | 160 | } | ||
510 | 161 | |||
511 | 162 | void | ||
512 | 163 | @@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_ | ||
513 | 164 | bytes_per_second = 0; | ||
514 | 165 | |||
515 | 166 | setscreensize(); | ||
516 | 167 | - if (can_output()) | ||
517 | 168 | - refresh_progress_meter(); | ||
518 | 169 | + refresh_progress_meter(); | ||
519 | 170 | |||
520 | 171 | - signal(SIGALRM, update_progress_meter); | ||
521 | 172 | + signal(SIGALRM, sig_alarm); | ||
522 | 173 | signal(SIGWINCH, sig_winch); | ||
523 | 174 | alarm(UPDATE_INTERVAL); | ||
524 | 175 | } | ||
525 | 176 | @@ -286,6 +280,7 @@ stop_progress_meter(void) | ||
526 | 177 | static void | ||
527 | 178 | sig_winch(int sig) | ||
528 | 179 | { | ||
529 | 180 | + signal(SIGWINCH, sig_winch); | ||
530 | 181 | win_resized = 1; | ||
531 | 182 | } | ||
532 | 183 | |||
533 | 184 | Index: openssh-7.6p1/progressmeter.h | ||
534 | 185 | =================================================================== | ||
535 | 186 | --- openssh-7.6p1.orig/progressmeter.h 2019-01-31 08:58:23.885841566 -0500 | ||
536 | 187 | +++ openssh-7.6p1/progressmeter.h 2019-01-31 08:58:23.881841557 -0500 | ||
537 | 188 | @@ -24,4 +24,5 @@ | ||
538 | 189 | */ | ||
539 | 190 | |||
540 | 191 | void start_progress_meter(const char *, off_t, off_t *); | ||
541 | 192 | +void refresh_progress_meter(void); | ||
542 | 193 | void stop_progress_meter(void); | ||
543 | 194 | Index: openssh-7.6p1/scp.c | ||
544 | 195 | =================================================================== | ||
545 | 196 | --- openssh-7.6p1.orig/scp.c 2019-01-31 08:58:23.885841566 -0500 | ||
546 | 197 | +++ openssh-7.6p1/scp.c 2019-01-31 08:58:23.881841557 -0500 | ||
547 | 198 | @@ -580,6 +580,7 @@ scpio(void *_cnt, size_t s) | ||
548 | 199 | off_t *cnt = (off_t *)_cnt; | ||
549 | 200 | |||
550 | 201 | *cnt += s; | ||
551 | 202 | + refresh_progress_meter(); | ||
552 | 203 | if (limit_kbps > 0) | ||
553 | 204 | bandwidth_limit(&bwlimit, s); | ||
554 | 205 | return 0; | ||
555 | 206 | Index: openssh-7.6p1/sftp-client.c | ||
556 | 207 | =================================================================== | ||
557 | 208 | --- openssh-7.6p1.orig/sftp-client.c 2019-01-31 08:58:23.885841566 -0500 | ||
558 | 209 | +++ openssh-7.6p1/sftp-client.c 2019-01-31 08:58:23.881841557 -0500 | ||
559 | 210 | @@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount) | ||
560 | 211 | { | ||
561 | 212 | struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; | ||
562 | 213 | |||
563 | 214 | - bandwidth_limit(bwlimit, amount); | ||
564 | 215 | + refresh_progress_meter(); | ||
565 | 216 | + if (bwlimit != NULL) | ||
566 | 217 | + bandwidth_limit(bwlimit, amount); | ||
567 | 218 | return 0; | ||
568 | 219 | } | ||
569 | 220 | |||
570 | 221 | @@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct | ||
571 | 222 | iov[1].iov_base = (u_char *)sshbuf_ptr(m); | ||
572 | 223 | iov[1].iov_len = sshbuf_len(m); | ||
573 | 224 | |||
574 | 225 | - if (atomiciov6(writev, conn->fd_out, iov, 2, | ||
575 | 226 | - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != | ||
576 | 227 | + if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, | ||
577 | 228 | + conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != | ||
578 | 229 | sshbuf_len(m) + sizeof(mlen)) | ||
579 | 230 | fatal("Couldn't send packet: %s", strerror(errno)); | ||
580 | 231 | |||
581 | 232 | @@ -138,8 +140,8 @@ get_msg(struct sftp_conn *conn, struct s | ||
582 | 233 | |||
583 | 234 | if ((r = sshbuf_reserve(m, 4, &p)) != 0) | ||
584 | 235 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
585 | 236 | - if (atomicio6(read, conn->fd_in, p, 4, | ||
586 | 237 | - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { | ||
587 | 238 | + if (atomicio6(read, conn->fd_in, p, 4, sftpio, | ||
588 | 239 | + conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { | ||
589 | 240 | if (errno == EPIPE || errno == ECONNRESET) | ||
590 | 241 | fatal("Connection closed"); | ||
591 | 242 | else | ||
592 | 243 | @@ -153,8 +155,8 @@ get_msg(struct sftp_conn *conn, struct s | ||
593 | 244 | |||
594 | 245 | if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) | ||
595 | 246 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
596 | 247 | - if (atomicio6(read, conn->fd_in, p, msg_len, | ||
597 | 248 | - conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) | ||
598 | 249 | + if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, | ||
599 | 250 | + conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) | ||
600 | 251 | != msg_len) { | ||
601 | 252 | if (errno == EPIPE) | ||
602 | 253 | fatal("Connection closed"); | ||
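Review bot: the sftp-client.c hunks now pass `sftpio` to atomicio6()/atomiciov6() unconditionally and move the `conn->limit_kbps > 0` test onto the bwlimit argument, so the `if (bwlimit != NULL)` guard added to sftpio() is load-bearing: without it a transfer started without a bandwidth limit would dereference NULL. Anyone rebasing this patch must keep the three call sites and the guard in step. The atomicio.c change, which calls `cb(cb_arg, 0)` on EINTR, is what lets refresh_progress_meter() do the snmprintf() formatting outside signal-handler context, with sig_alarm() reduced to setting `alarm_fired` and re-arming the alarm.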
603 | diff --git a/debian/patches/CVE-2019-6109-2.patch b/debian/patches/CVE-2019-6109-2.patch | |||
604 | 0 | new file mode 100644 | 254 | new file mode 100644 |
605 | index 0000000..0cdc6d3 | |||
606 | --- /dev/null | |||
607 | +++ b/debian/patches/CVE-2019-6109-2.patch | |||
608 | @@ -0,0 +1,106 @@ | |||
609 | 1 | Backport of: | ||
610 | 2 | |||
611 | 3 | From bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb Mon Sep 17 00:00:00 2001 | ||
612 | 4 | From: "dtucker@openbsd.org" <dtucker@openbsd.org> | ||
613 | 5 | Date: Thu, 24 Jan 2019 16:52:17 +0000 | ||
614 | 6 | Subject: [PATCH] upstream: Have progressmeter force an update at the beginning | ||
615 | 7 | and | ||
616 | 8 | |||
617 | 9 | end of each transfer. Fixes the problem recently introduces where very quick | ||
618 | 10 | transfers do not display the progressmeter at all. Spotted by naddy@ | ||
619 | 11 | |||
620 | 12 | OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a | ||
621 | 13 | --- | ||
622 | 14 | progressmeter.c | 13 +++++-------- | ||
623 | 15 | progressmeter.h | 4 ++-- | ||
624 | 16 | scp.c | 4 ++-- | ||
625 | 17 | sftp-client.c | 4 ++-- | ||
626 | 18 | 4 files changed, 11 insertions(+), 14 deletions(-) | ||
627 | 19 | |||
628 | 20 | Index: openssh-7.6p1/progressmeter.c | ||
629 | 21 | =================================================================== | ||
630 | 22 | --- openssh-7.6p1.orig/progressmeter.c 2019-01-31 08:58:29.833855684 -0500 | ||
631 | 23 | +++ openssh-7.6p1/progressmeter.c 2019-01-31 08:58:29.833855684 -0500 | ||
632 | 24 | @@ -59,9 +59,6 @@ static void format_rate(char *, int, off | ||
633 | 25 | static void sig_winch(int); | ||
634 | 26 | static void setscreensize(void); | ||
635 | 27 | |||
636 | 28 | -/* updates the progressmeter to reflect the current state of the transfer */ | ||
637 | 29 | -void refresh_progress_meter(void); | ||
638 | 30 | - | ||
639 | 31 | /* signal handler for updating the progress meter */ | ||
640 | 32 | static void sig_alarm(int); | ||
641 | 33 | |||
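Review bot: dropping the file-local prototype `void refresh_progress_meter(void);` is only correct because progressmeter.h is changed in this same patch to declare `void refresh_progress_meter(int);`, and the callers in scp.c and sftp-client.c are updated below. Before landing, grep the 7.6p1 tree and the other debian/patches for any further caller that still uses refresh_progress_meter() with no argument; after this patch such a call is a compile error rather than a runtime problem, which is the better failure mode but should be confirmed once.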
642 | 34 | @@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t b | ||
643 | 35 | } | ||
644 | 36 | |||
645 | 37 | void | ||
646 | 38 | -refresh_progress_meter(void) | ||
647 | 39 | +refresh_progress_meter(int force_update) | ||
648 | 40 | { | ||
649 | 41 | char buf[MAX_WINSIZE + 1]; | ||
650 | 42 | off_t transferred; | ||
651 | 43 | @@ -131,7 +128,7 @@ refresh_progress_meter(void) | ||
652 | 44 | int hours, minutes, seconds; | ||
653 | 45 | int file_len; | ||
654 | 46 | |||
655 | 47 | - if ((!alarm_fired && !win_resized) || !can_output()) | ||
656 | 48 | + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) | ||
657 | 49 | return; | ||
658 | 50 | alarm_fired = 0; | ||
659 | 51 | |||
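Review bot: `force_update` only bypasses the `alarm_fired`/`win_resized` gate, not `can_output()`, so the forced refreshes at the start and end of a transfer are still suppressed when stdout is not a terminal; that is the intended behaviour, but nothing now documents the new parameter, since the one comment describing the function was removed with the prototype in the previous hunk. Add a one-line comment on the definition saying that a non-zero force_update redraws regardless of the timer.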
660 | 52 | @@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_ | ||
661 | 53 | bytes_per_second = 0; | ||
662 | 54 | |||
663 | 55 | setscreensize(); | ||
664 | 56 | - refresh_progress_meter(); | ||
665 | 57 | + refresh_progress_meter(1); | ||
666 | 58 | |||
667 | 59 | signal(SIGALRM, sig_alarm); | ||
668 | 60 | signal(SIGWINCH, sig_winch); | ||
669 | 61 | @@ -271,7 +268,7 @@ stop_progress_meter(void) | ||
670 | 62 | |||
671 | 63 | /* Ensure we complete the progress */ | ||
672 | 64 | if (cur_pos != end_pos) | ||
673 | 65 | - refresh_progress_meter(); | ||
674 | 66 | + refresh_progress_meter(1); | ||
675 | 67 | |||
676 | 68 | atomicio(vwrite, STDOUT_FILENO, "\n", 1); | ||
677 | 69 | } | ||
678 | 70 | Index: openssh-7.6p1/progressmeter.h | ||
679 | 71 | =================================================================== | ||
680 | 72 | --- openssh-7.6p1.orig/progressmeter.h 2019-01-31 08:58:29.833855684 -0500 | ||
681 | 73 | +++ openssh-7.6p1/progressmeter.h 2019-01-31 08:58:29.833855684 -0500 | ||
682 | 74 | @@ -24,5 +24,5 @@ | ||
683 | 75 | */ | ||
684 | 76 | |||
685 | 77 | void start_progress_meter(const char *, off_t, off_t *); | ||
686 | 78 | -void refresh_progress_meter(void); | ||
687 | 79 | +void refresh_progress_meter(int); | ||
688 | 80 | void stop_progress_meter(void); | ||
689 | 81 | Index: openssh-7.6p1/scp.c | ||
690 | 82 | =================================================================== | ||
691 | 83 | --- openssh-7.6p1.orig/scp.c 2019-01-31 08:58:29.833855684 -0500 | ||
692 | 84 | +++ openssh-7.6p1/scp.c 2019-01-31 08:58:29.833855684 -0500 | ||
693 | 85 | @@ -580,7 +580,7 @@ scpio(void *_cnt, size_t s) | ||
694 | 86 | off_t *cnt = (off_t *)_cnt; | ||
695 | 87 | |||
696 | 88 | *cnt += s; | ||
697 | 89 | - refresh_progress_meter(); | ||
698 | 90 | + refresh_progress_meter(0); | ||
699 | 91 | if (limit_kbps > 0) | ||
700 | 92 | bandwidth_limit(&bwlimit, s); | ||
701 | 93 | return 0; | ||
702 | 94 | Index: openssh-7.6p1/sftp-client.c | ||
703 | 95 | =================================================================== | ||
704 | 96 | --- openssh-7.6p1.orig/sftp-client.c 2019-01-31 08:58:29.833855684 -0500 | ||
705 | 97 | +++ openssh-7.6p1/sftp-client.c 2019-01-31 08:58:29.833855684 -0500 | ||
706 | 98 | @@ -101,7 +101,7 @@ sftpio(void *_bwlimit, size_t amount) | ||
707 | 99 | { | ||
708 | 100 | struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; | ||
709 | 101 | |||
710 | 102 | - refresh_progress_meter(); | ||
711 | 103 | + refresh_progress_meter(0); | ||
712 | 104 | if (bwlimit != NULL) | ||
713 | 105 | bandwidth_limit(bwlimit, amount); | ||
714 | 106 | return 0; | ||
715 | diff --git a/debian/patches/CVE-2019-6111-2.patch b/debian/patches/CVE-2019-6111-2.patch | |||
716 | 0 | new file mode 100644 | 107 | new file mode 100644 |
717 | index 0000000..21aa8fc | |||
718 | --- /dev/null | |||
719 | +++ b/debian/patches/CVE-2019-6111-2.patch | |||
720 | @@ -0,0 +1,348 @@ | |||
721 | 1 | From 3d896c157c722bc47adca51a58dca859225b5874 Mon Sep 17 00:00:00 2001 | ||
722 | 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
723 | 3 | Date: Sun, 10 Feb 2019 11:15:52 +0000 | ||
724 | 4 | Subject: [PATCH] upstream: when checking that filenames sent by the server | ||
725 | 5 | side | ||
726 | 6 | |||
727 | 7 | match what the client requested, be prepared to handle shell-style brace | ||
728 | 8 | alternations, e.g. "{foo,bar}". | ||
729 | 9 | |||
730 | 10 | "looks good to me" millert@ + in snaps for the last week courtesy | ||
731 | 11 | deraadt@ | ||
732 | 12 | |||
733 | 13 | OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e | ||
734 | 14 | --- | ||
735 | 15 | scp.c | 282 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- | ||
736 | 16 | 1 file changed, 270 insertions(+), 12 deletions(-) | ||
737 | 17 | |||
738 | 18 | Index: openssh-7.6p1/scp.c | ||
739 | 19 | =================================================================== | ||
740 | 20 | --- openssh-7.6p1.orig/scp.c 2019-03-04 07:17:32.294099797 -0500 | ||
741 | 21 | +++ openssh-7.6p1/scp.c 2019-03-04 07:17:32.294099797 -0500 | ||
742 | 22 | @@ -604,6 +604,253 @@ do_times(int fd, int verb, const struct | ||
743 | 23 | return (response()); | ||
744 | 24 | } | ||
745 | 25 | |||
746 | 26 | +/* Appends a string to an array; returns 0 on success, -1 on alloc failure */ | ||
747 | 27 | +static int | ||
748 | 28 | +append(char *cp, char ***ap, size_t *np) | ||
749 | 29 | +{ | ||
750 | 30 | + char **tmp; | ||
751 | 31 | + | ||
752 | 32 | + if ((tmp = reallocarray(*ap, *np + 1, sizeof(*tmp))) == NULL) | ||
753 | 33 | + return -1; | ||
754 | 34 | + tmp[(*np)] = cp; | ||
755 | 35 | + (*np)++; | ||
756 | 36 | + *ap = tmp; | ||
757 | 37 | + return 0; | ||
758 | 38 | +} | ||
759 | 39 | + | ||
760 | 40 | +/* | ||
761 | 41 | + * Finds the start and end of the first brace pair in the pattern. | ||
762 | 42 | + * returns 0 on success or -1 for invalid patterns. | ||
763 | 43 | + */ | ||
764 | 44 | +static int | ||
765 | 45 | +find_brace(const char *pattern, int *startp, int *endp) | ||
766 | 46 | +{ | ||
767 | 47 | + int i; | ||
768 | 48 | + int in_bracket, brace_level; | ||
769 | 49 | + | ||
770 | 50 | + *startp = *endp = -1; | ||
771 | 51 | + in_bracket = brace_level = 0; | ||
772 | 52 | + for (i = 0; i < INT_MAX && *endp < 0 && pattern[i] != '\0'; i++) { | ||
773 | 53 | + switch (pattern[i]) { | ||
774 | 54 | + case '\\': | ||
775 | 55 | + /* skip next character */ | ||
776 | 56 | + if (pattern[i + 1] != '\0') | ||
777 | 57 | + i++; | ||
778 | 58 | + break; | ||
779 | 59 | + case '[': | ||
780 | 60 | + in_bracket = 1; | ||
781 | 61 | + break; | ||
782 | 62 | + case ']': | ||
783 | 63 | + in_bracket = 0; | ||
784 | 64 | + break; | ||
785 | 65 | + case '{': | ||
786 | 66 | + if (in_bracket) | ||
787 | 67 | + break; | ||
788 | 68 | + if (pattern[i + 1] == '}') { | ||
789 | 69 | + /* Protect a single {}, for find(1), like csh */ | ||
790 | 70 | + i++; /* skip */ | ||
791 | 71 | + break; | ||
792 | 72 | + } | ||
793 | 73 | + if (*startp == -1) | ||
794 | 74 | + *startp = i; | ||
795 | 75 | + brace_level++; | ||
796 | 76 | + break; | ||
797 | 77 | + case '}': | ||
798 | 78 | + if (in_bracket) | ||
799 | 79 | + break; | ||
800 | 80 | + if (*startp < 0) { | ||
801 | 81 | + /* Unbalanced brace */ | ||
802 | 82 | + return -1; | ||
803 | 83 | + } | ||
804 | 84 | + if (--brace_level <= 0) | ||
805 | 85 | + *endp = i; | ||
806 | 86 | + break; | ||
807 | 87 | + } | ||
808 | 88 | + } | ||
809 | 89 | + /* unbalanced brackets/braces */ | ||
810 | 90 | + if (*endp < 0 && (*startp >= 0 || in_bracket)) | ||
811 | 91 | + return -1; | ||
812 | 92 | + return 0; | ||
813 | 93 | +} | ||
814 | 94 | + | ||
815 | 95 | +/* | ||
816 | 96 | + * Assembles and records a successfully-expanded pattern, returns -1 on | ||
817 | 97 | + * alloc failure. | ||
818 | 98 | + */ | ||
819 | 99 | +static int | ||
820 | 100 | +emit_expansion(const char *pattern, int brace_start, int brace_end, | ||
821 | 101 | + int sel_start, int sel_end, char ***patternsp, size_t *npatternsp) | ||
822 | 102 | +{ | ||
823 | 103 | + char *cp; | ||
824 | 104 | + int o = 0, tail_len = strlen(pattern + brace_end + 1); | ||
825 | 105 | + | ||
826 | 106 | + if ((cp = malloc(brace_start + (sel_end - sel_start) + | ||
827 | 107 | + tail_len + 1)) == NULL) | ||
828 | 108 | + return -1; | ||
829 | 109 | + | ||
830 | 110 | + /* Pattern before initial brace */ | ||
831 | 111 | + if (brace_start > 0) { | ||
832 | 112 | + memcpy(cp, pattern, brace_start); | ||
833 | 113 | + o = brace_start; | ||
834 | 114 | + } | ||
835 | 115 | + /* Current braced selection */ | ||
836 | 116 | + if (sel_end - sel_start > 0) { | ||
837 | 117 | + memcpy(cp + o, pattern + sel_start, | ||
838 | 118 | + sel_end - sel_start); | ||
839 | 119 | + o += sel_end - sel_start; | ||
840 | 120 | + } | ||
841 | 121 | + /* Remainder of pattern after closing brace */ | ||
842 | 122 | + if (tail_len > 0) { | ||
843 | 123 | + memcpy(cp + o, pattern + brace_end + 1, tail_len); | ||
844 | 124 | + o += tail_len; | ||
845 | 125 | + } | ||
846 | 126 | + cp[o] = '\0'; | ||
847 | 127 | + if (append(cp, patternsp, npatternsp) != 0) { | ||
848 | 128 | + free(cp); | ||
849 | 129 | + return -1; | ||
850 | 130 | + } | ||
851 | 131 | + return 0; | ||
852 | 132 | +} | ||
853 | 133 | + | ||
854 | 134 | +/* | ||
855 | 135 | + * Expand the first encountered brace in pattern, appending the expanded | ||
856 | 136 | + * patterns it yielded to the *patternsp array. | ||
857 | 137 | + * | ||
858 | 138 | + * Returns 0 on success or -1 on allocation failure. | ||
859 | 139 | + * | ||
860 | 140 | + * Signals whether expansion was performed via *expanded and whether | ||
861 | 141 | + * pattern was invalid via *invalid. | ||
862 | 142 | + */ | ||
863 | 143 | +static int | ||
864 | 144 | +brace_expand_one(const char *pattern, char ***patternsp, size_t *npatternsp, | ||
865 | 145 | + int *expanded, int *invalid) | ||
866 | 146 | +{ | ||
867 | 147 | + int i; | ||
868 | 148 | + int in_bracket, brace_start, brace_end, brace_level; | ||
869 | 149 | + int sel_start, sel_end; | ||
870 | 150 | + | ||
871 | 151 | + *invalid = *expanded = 0; | ||
872 | 152 | + | ||
873 | 153 | + if (find_brace(pattern, &brace_start, &brace_end) != 0) { | ||
874 | 154 | + *invalid = 1; | ||
875 | 155 | + return 0; | ||
876 | 156 | + } else if (brace_start == -1) | ||
877 | 157 | + return 0; | ||
878 | 158 | + | ||
879 | 159 | + in_bracket = brace_level = 0; | ||
880 | 160 | + for (i = sel_start = brace_start + 1; i < brace_end; i++) { | ||
881 | 161 | + switch (pattern[i]) { | ||
882 | 162 | + case '{': | ||
883 | 163 | + if (in_bracket) | ||
884 | 164 | + break; | ||
885 | 165 | + brace_level++; | ||
886 | 166 | + break; | ||
887 | 167 | + case '}': | ||
888 | 168 | + if (in_bracket) | ||
889 | 169 | + break; | ||
890 | 170 | + brace_level--; | ||
891 | 171 | + break; | ||
892 | 172 | + case '[': | ||
893 | 173 | + in_bracket = 1; | ||
894 | 174 | + break; | ||
895 | 175 | + case ']': | ||
896 | 176 | + in_bracket = 0; | ||
897 | 177 | + break; | ||
898 | 178 | + case '\\': | ||
899 | 179 | + if (i < brace_end - 1) | ||
900 | 180 | + i++; /* skip */ | ||
901 | 181 | + break; | ||
902 | 182 | + } | ||
903 | 183 | + if (pattern[i] == ',' || i == brace_end - 1) { | ||
904 | 184 | + if (in_bracket || brace_level > 0) | ||
905 | 185 | + continue; | ||
906 | 186 | + /* End of a selection, emit an expanded pattern */ | ||
907 | 187 | + | ||
908 | 188 | + /* Adjust end index for last selection */ | ||
909 | 189 | + sel_end = (i == brace_end - 1) ? brace_end : i; | ||
910 | 190 | + if (emit_expansion(pattern, brace_start, brace_end, | ||
911 | 191 | + sel_start, sel_end, patternsp, npatternsp) != 0) | ||
912 | 192 | + return -1; | ||
913 | 193 | + /* move on to the next selection */ | ||
914 | 194 | + sel_start = i + 1; | ||
915 | 195 | + continue; | ||
916 | 196 | + } | ||
917 | 197 | + } | ||
918 | 198 | + if (in_bracket || brace_level > 0) { | ||
919 | 199 | + *invalid = 1; | ||
920 | 200 | + return 0; | ||
921 | 201 | + } | ||
922 | 202 | + /* success */ | ||
923 | 203 | + *expanded = 1; | ||
924 | 204 | + return 0; | ||
925 | 205 | +} | ||
926 | 206 | + | ||
927 | 207 | +/* Expand braces from pattern. Returns 0 on success, -1 on failure */ | ||
928 | 208 | +static int | ||
929 | 209 | +brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) | ||
930 | 210 | +{ | ||
931 | 211 | + char *cp, *cp2, **active = NULL, **done = NULL; | ||
932 | 212 | + size_t i, nactive = 0, ndone = 0; | ||
933 | 213 | + int ret = -1, invalid = 0, expanded = 0; | ||
934 | 214 | + | ||
935 | 215 | + *patternsp = NULL; | ||
936 | 216 | + *npatternsp = 0; | ||
937 | 217 | + | ||
938 | 218 | + /* Start the worklist with the original pattern */ | ||
939 | 219 | + if ((cp = strdup(pattern)) == NULL) | ||
940 | 220 | + return -1; | ||
941 | 221 | + if (append(cp, &active, &nactive) != 0) { | ||
942 | 222 | + free(cp); | ||
943 | 223 | + return -1; | ||
944 | 224 | + } | ||
945 | 225 | + while (nactive > 0) { | ||
946 | 226 | + cp = active[nactive - 1]; | ||
947 | 227 | + nactive--; | ||
948 | 228 | + if (brace_expand_one(cp, &active, &nactive, | ||
949 | 229 | + &expanded, &invalid) == -1) { | ||
950 | 230 | + free(cp); | ||
951 | 231 | + goto fail; | ||
952 | 232 | + } | ||
953 | 233 | + if (invalid) | ||
954 | 234 | + fatal("%s: invalid brace pattern \"%s\"", __func__, cp); | ||
955 | 235 | + if (expanded) { | ||
956 | 236 | + /* | ||
957 | 237 | + * Current entry expanded to new entries on the | ||
958 | 238 | + * active list; discard the progenitor pattern. | ||
959 | 239 | + */ | ||
960 | 240 | + free(cp); | ||
961 | 241 | + continue; | ||
962 | 242 | + } | ||
963 | 243 | + /* | ||
964 | 244 | + * Pattern did not expand; append the finename component to | ||
965 | 245 | + * the completed list | ||
966 | 246 | + */ | ||
967 | 247 | + if ((cp2 = strrchr(cp, '/')) != NULL) | ||
968 | 248 | + *cp2++ = '\0'; | ||
969 | 249 | + else | ||
970 | 250 | + cp2 = cp; | ||
971 | 251 | + if (append(xstrdup(cp2), &done, &ndone) != 0) { | ||
972 | 252 | + free(cp); | ||
973 | 253 | + goto fail; | ||
974 | 254 | + } | ||
975 | 255 | + free(cp); | ||
976 | 256 | + } | ||
977 | 257 | + /* success */ | ||
978 | 258 | + *patternsp = done; | ||
979 | 259 | + *npatternsp = ndone; | ||
980 | 260 | + done = NULL; | ||
981 | 261 | + ndone = 0; | ||
982 | 262 | + ret = 0; | ||
983 | 263 | + fail: | ||
984 | 264 | + for (i = 0; i < nactive; i++) | ||
985 | 265 | + free(active[i]); | ||
986 | 266 | + free(active); | ||
987 | 267 | + for (i = 0; i < ndone; i++) | ||
988 | 268 | + free(done[i]); | ||
989 | 269 | + free(done); | ||
990 | 270 | + return ret; | ||
991 | 271 | +} | ||
992 | 272 | + | ||
993 | 273 | void | ||
994 | 274 | toremote(char *targ, int argc, char **argv) | ||
995 | 275 | { | ||
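Review bot: in brace_expand_one(), a backslash-escaped comma inside the braces still terminates a selection, because the `case '\\':` advances `i` onto the escaped character and the `if (pattern[i] == ',' || i == brace_end - 1)` test after the switch then sees the comma; for src `{a\,b,c}` the worklist yields `a\`, `b` and `c`, so a wanted file literally named `a,b` is rejected with "filename does not match request". Either test for the separator inside the switch, before the escape case can advance `i`, or state in the header that commas cannot be escaped inside braces. Two further consequences worth a line in the patch header: find_brace() returns -1 for an unmatched `{` or `[`, and brace_expand() then calls fatal(), so a remote path that literally contains one of them, such as `a{b`, now aborts scp unless it is written `a\{b` or -T is given; and only the component after the last `/` of each expansion is kept (`if ((cp2 = strrchr(cp, '/')) != NULL)`), so `{d1/x,d2/y}` restricts on `x` and `y` only and the directory part of the request plays no role in the check.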
996 | 276 | @@ -959,7 +1206,8 @@ sink(int argc, char **argv, const char * | ||
997 | 277 | unsigned long long ull; | ||
998 | 278 | int setimes, targisdir, wrerrno = 0; | ||
999 | 279 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; | ||
1000 | 280 | - char *src_copy = NULL, *restrict_pattern = NULL; | ||
1001 | 281 | + char **patterns = NULL; | ||
1002 | 282 | + size_t n, npatterns = 0; | ||
1003 | 283 | struct timeval tv[2]; | ||
1004 | 284 | |||
1005 | 285 | #define atime tv[0] | ||
1006 | 286 | @@ -989,16 +1237,13 @@ sink(int argc, char **argv, const char * | ||
1007 | 287 | * Prepare to try to restrict incoming filenames to match | ||
1008 | 288 | * the requested destination file glob. | ||
1009 | 289 | */ | ||
1010 | 290 | - if ((src_copy = strdup(src)) == NULL) | ||
1011 | 291 | - fatal("strdup failed"); | ||
1012 | 292 | - if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { | ||
1013 | 293 | - *restrict_pattern++ = '\0'; | ||
1014 | 294 | - } | ||
1015 | 295 | + if (brace_expand(src, &patterns, &npatterns) != 0) | ||
1016 | 296 | + fatal("%s: could not expand pattern", __func__); | ||
1017 | 297 | } | ||
1018 | 298 | for (first = 1;; first = 0) { | ||
1019 | 299 | cp = buf; | ||
1020 | 300 | if (atomicio(read, remin, cp, 1) != 1) | ||
1021 | 301 | - return; | ||
1022 | 302 | + goto done; | ||
1023 | 303 | if (*cp++ == '\n') | ||
1024 | 304 | SCREWUP("unexpected <newline>"); | ||
1025 | 305 | do { | ||
1026 | 306 | @@ -1024,7 +1269,7 @@ sink(int argc, char **argv, const char * | ||
1027 | 307 | } | ||
1028 | 308 | if (buf[0] == 'E') { | ||
1029 | 309 | (void) atomicio(vwrite, remout, "", 1); | ||
1030 | 310 | - return; | ||
1031 | 311 | + goto done; | ||
1032 | 312 | } | ||
1033 | 313 | if (ch == '\n') | ||
1034 | 314 | *--cp = 0; | ||
1035 | 315 | @@ -1097,9 +1342,14 @@ sink(int argc, char **argv, const char * | ||
1036 | 316 | run_err("error: unexpected filename: %s", cp); | ||
1037 | 317 | exit(1); | ||
1038 | 318 | } | ||
1039 | 319 | - if (restrict_pattern != NULL && | ||
1040 | 320 | - fnmatch(restrict_pattern, cp, 0) != 0) | ||
1041 | 321 | - SCREWUP("filename does not match request"); | ||
1042 | 322 | + if (npatterns > 0) { | ||
1043 | 323 | + for (n = 0; n < npatterns; n++) { | ||
1044 | 324 | + if (fnmatch(patterns[n], cp, 0) == 0) | ||
1045 | 325 | + break; | ||
1046 | 326 | + } | ||
1047 | 327 | + if (n >= npatterns) | ||
1048 | 328 | + SCREWUP("filename does not match request"); | ||
1049 | 329 | + } | ||
1050 | 330 | if (targisdir) { | ||
1051 | 331 | static char *namebuf; | ||
1052 | 332 | static size_t cursize; | ||
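Review bot: fnmatch() is called with flags 0, so neither FNM_PERIOD nor FNM_PATHNAME is in effect: a request such as `host:dir/*` will accept a server-supplied `.bashrc` or `.ssh`, because `*` matches a leading dot without FNM_PERIOD even though the remote shell's glob would not have produced those names. Slashes are not the concern here, as the `run_err("error: unexpected filename: %s", cp)` rejection above this hunk deals with names the protocol must not carry, but dotfiles are exactly the "unexpected or unwanted files" the -T text talks about, so consider FNM_PERIOD, or at least mention dotfiles in the man page. Also note that when `npatterns` is 0 (no src, or -r, or -T) the check is skipped without any diagnostic, so an unchecked copy is indistinguishable from a checked one even with -v.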
1053 | 333 | @@ -1258,7 +1508,15 @@ bad: run_err("%s: %s", np, strerror(er | ||
1054 | 334 | break; | ||
1055 | 335 | } | ||
1056 | 336 | } | ||
1057 | 337 | +done: | ||
1058 | 338 | + for (n = 0; n < npatterns; n++) | ||
1059 | 339 | + free(patterns[n]); | ||
1060 | 340 | + free(patterns); | ||
1061 | 341 | + return; | ||
1062 | 342 | screwup: | ||
1063 | 343 | + for (n = 0; n < npatterns; n++) | ||
1064 | 344 | + free(patterns[n]); | ||
1065 | 345 | + free(patterns); | ||
1066 | 346 | run_err("protocol error: %s", why); | ||
1067 | 347 | exit(1); | ||
1068 | 348 | } | ||
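Review bot: the two free loops under `done:` and `screwup:` are identical, and since `screwup:` ends in exit(1) the frees there are cosmetic; it would be simpler for `screwup:` to call run_err() and then jump to a single cleanup, or for both to use a small helper. Not a correctness issue: every entry was allocated with xstrdup() in brace_expand(), and `patterns` is NULL with `npatterns` 0 whenever no check was set up, so both loops are safe as written.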
1069 | diff --git a/debian/patches/CVE-2019-6111.patch b/debian/patches/CVE-2019-6111.patch | |||
1070 | 0 | new file mode 100644 | 349 | new file mode 100644 |
1071 | index 0000000..72b8bde | |||
1072 | --- /dev/null | |||
1073 | +++ b/debian/patches/CVE-2019-6111.patch | |||
1074 | @@ -0,0 +1,182 @@ | |||
1075 | 1 | Backport of: | ||
1076 | 2 | |||
1077 | 3 | From 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc Mon Sep 17 00:00:00 2001 | ||
1078 | 4 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
1079 | 5 | Date: Sat, 26 Jan 2019 22:41:28 +0000 | ||
1080 | 6 | Subject: [PATCH] upstream: check in scp client that filenames sent during | ||
1081 | 7 | |||
1082 | 8 | remote->local directory copies satisfy the wildcard specified by the user. | ||
1083 | 9 | |||
1084 | 10 | This checking provides some protection against a malicious server | ||
1085 | 11 | sending unexpected filenames, but it comes at a risk of rejecting wanted | ||
1086 | 12 | files due to differences between client and server wildcard expansion rules. | ||
1087 | 13 | |||
1088 | 14 | For this reason, this also adds a new -T flag to disable the check. | ||
1089 | 15 | |||
1090 | 16 | reported by Harry Sintonen | ||
1091 | 17 | fix approach suggested by markus@; | ||
1092 | 18 | has been in snaps for ~1wk courtesy deraadt@ | ||
1093 | 19 | |||
1094 | 20 | OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda | ||
1095 | 21 | --- | ||
1096 | 22 | scp.1 | 16 +++++++++++++--- | ||
1097 | 23 | scp.c | 39 ++++++++++++++++++++++++++++++--------- | ||
1098 | 24 | 2 files changed, 43 insertions(+), 12 deletions(-) | ||
1099 | 25 | |||
1100 | 26 | Index: openssh-7.6p1/scp.1 | ||
1101 | 27 | =================================================================== | ||
1102 | 28 | --- openssh-7.6p1.orig/scp.1 2019-01-31 08:57:08.113664456 -0500 | ||
1103 | 29 | +++ openssh-7.6p1/scp.1 2019-01-31 08:57:44.625749147 -0500 | ||
1104 | 30 | @@ -19,7 +19,7 @@ | ||
1105 | 31 | .Sh SYNOPSIS | ||
1106 | 32 | .Nm scp | ||
1107 | 33 | .Bk -words | ||
1108 | 34 | -.Op Fl 346BCpqrv | ||
1109 | 35 | +.Op Fl 346BCpqrTv | ||
1110 | 36 | .Op Fl c Ar cipher | ||
1111 | 37 | .Op Fl F Ar ssh_config | ||
1112 | 38 | .Op Fl i Ar identity_file | ||
1113 | 39 | @@ -202,6 +202,16 @@ to use for the encrypted connection. | ||
1114 | 40 | The program must understand | ||
1115 | 41 | .Xr ssh 1 | ||
1116 | 42 | options. | ||
1117 | 43 | +.It Fl T | ||
1118 | 44 | +Disable strict filename checking. | ||
1119 | 45 | +By default when copying files from a remote host to a local directory | ||
1120 | 46 | +.Nm | ||
1121 | 47 | +checks that the received filenames match those requested on the command-line | ||
1122 | 48 | +to prevent the remote end from sending unexpected or unwanted files. | ||
1123 | 49 | +Because of differences in how various operating systems and shells interpret | ||
1124 | 50 | +filename wildcards, these checks may cause wanted files to be rejected. | ||
1125 | 51 | +This option disables these checks at the expense of fully trusting that | ||
1126 | 52 | +the server will not send unexpected filenames. | ||
1127 | 53 | .It Fl v | ||
1128 | 54 | Verbose mode. | ||
1129 | 55 | Causes | ||
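Review bot: the new -T text says the check applies "when copying files from a remote host to a local directory", but the scp.c hunk in sink() enables it only `if (src != NULL && !iamrecursive && !Tflag)`, so recursive (-r) copies are never checked, with or without -T. The man page should say so; otherwise users will assume `scp -r` now validates what the server sends.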
1130 | 56 | Index: openssh-7.6p1/scp.c | ||
1131 | 57 | =================================================================== | ||
1132 | 58 | --- openssh-7.6p1.orig/scp.c 2019-01-31 08:57:08.113664456 -0500 | ||
1133 | 59 | +++ openssh-7.6p1/scp.c 2019-01-31 08:57:08.109664446 -0500 | ||
1134 | 60 | @@ -94,6 +94,7 @@ | ||
1135 | 61 | #include <dirent.h> | ||
1136 | 62 | #include <errno.h> | ||
1137 | 63 | #include <fcntl.h> | ||
1138 | 64 | +#include <fnmatch.h> | ||
1139 | 65 | #include <limits.h> | ||
1140 | 66 | #include <locale.h> | ||
1141 | 67 | #include <pwd.h> | ||
1142 | 68 | @@ -365,14 +366,14 @@ void verifydir(char *); | ||
1143 | 69 | struct passwd *pwd; | ||
1144 | 70 | uid_t userid; | ||
1145 | 71 | int errs, remin, remout; | ||
1146 | 72 | -int pflag, iamremote, iamrecursive, targetshouldbedirectory; | ||
1147 | 73 | +int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; | ||
1148 | 74 | |||
1149 | 75 | #define CMDNEEDS 64 | ||
1150 | 76 | char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ | ||
1151 | 77 | |||
1152 | 78 | int response(void); | ||
1153 | 79 | void rsource(char *, struct stat *); | ||
1154 | 80 | -void sink(int, char *[]); | ||
1155 | 81 | +void sink(int, char *[], const char *); | ||
1156 | 82 | void source(int, char *[]); | ||
1157 | 83 | void tolocal(int, char *[]); | ||
1158 | 84 | void toremote(char *, int, char *[]); | ||
1159 | 85 | @@ -409,8 +410,9 @@ main(int argc, char **argv) | ||
1160 | 86 | addargs(&args, "-oPermitLocalCommand=no"); | ||
1161 | 87 | addargs(&args, "-oClearAllForwardings=yes"); | ||
1162 | 88 | |||
1163 | 89 | - fflag = tflag = 0; | ||
1164 | 90 | - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) | ||
1165 | 91 | + fflag = Tflag = tflag = 0; | ||
1166 | 92 | + while ((ch = getopt(argc, argv, | ||
1167 | 93 | + "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) { | ||
1168 | 94 | switch (ch) { | ||
1169 | 95 | /* User-visible flags. */ | ||
1170 | 96 | case '1': | ||
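Review bot: this hunk opens a new block with `"dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {` and the matching `+ }` only arrives in the next hunk after `usage();`, so the two hunks are not independently applicable; a partially applied backport fails to compile, which is acceptable as long as the patch is always taken whole. Naming: the new `Tflag` sits next to the pre-existing `tflag` (the receive mode selected by -t when scp runs as the remote sink); a comment on the declaration distinguishing the two would help the next backporter.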
1171 | 97 | @@ -490,9 +492,13 @@ main(int argc, char **argv) | ||
1172 | 98 | setmode(0, O_BINARY); | ||
1173 | 99 | #endif | ||
1174 | 100 | break; | ||
1175 | 101 | + case 'T': | ||
1176 | 102 | + Tflag = 1; | ||
1177 | 103 | + break; | ||
1178 | 104 | default: | ||
1179 | 105 | usage(); | ||
1180 | 106 | } | ||
1181 | 107 | + } | ||
1182 | 108 | argc -= optind; | ||
1183 | 109 | argv += optind; | ||
1184 | 110 | |||
1185 | 111 | @@ -523,7 +529,7 @@ main(int argc, char **argv) | ||
1186 | 112 | } | ||
1187 | 113 | if (tflag) { | ||
1188 | 114 | /* Receive data. */ | ||
1189 | 115 | - sink(argc, argv); | ||
1190 | 116 | + sink(argc, argv, NULL); | ||
1191 | 117 | exit(errs != 0); | ||
1192 | 118 | } | ||
1193 | 119 | if (argc < 2) | ||
1194 | 120 | @@ -763,7 +769,7 @@ tolocal(int argc, char **argv) | ||
1195 | 121 | continue; | ||
1196 | 122 | } | ||
1197 | 123 | free(bp); | ||
1198 | 124 | - sink(1, argv + argc - 1); | ||
1199 | 125 | + sink(1, argv + argc - 1, src); | ||
1200 | 126 | (void) close(remin); | ||
1201 | 127 | remin = remout = -1; | ||
1202 | 128 | } | ||
1203 | 129 | @@ -936,7 +942,7 @@ rsource(char *name, struct stat *statp) | ||
1204 | 130 | (sizeof(type) != 4 && sizeof(type) != 8)) | ||
1205 | 131 | |||
1206 | 132 | void | ||
1207 | 133 | -sink(int argc, char **argv) | ||
1208 | 134 | +sink(int argc, char **argv, const char *src) | ||
1209 | 135 | { | ||
1210 | 136 | static BUF buffer; | ||
1211 | 137 | struct stat stb; | ||
1212 | 138 | @@ -952,6 +958,7 @@ sink(int argc, char **argv) | ||
1213 | 139 | unsigned long long ull; | ||
1214 | 140 | int setimes, targisdir, wrerrno = 0; | ||
1215 | 141 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; | ||
1216 | 142 | + char *src_copy = NULL, *restrict_pattern = NULL; | ||
1217 | 143 | struct timeval tv[2]; | ||
1218 | 144 | |||
1219 | 145 | #define atime tv[0] | ||
1220 | 146 | @@ -976,6 +983,17 @@ sink(int argc, char **argv) | ||
1221 | 147 | (void) atomicio(vwrite, remout, "", 1); | ||
1222 | 148 | if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) | ||
1223 | 149 | targisdir = 1; | ||
1224 | 150 | + if (src != NULL && !iamrecursive && !Tflag) { | ||
1225 | 151 | + /* | ||
1226 | 152 | + * Prepare to try to restrict incoming filenames to match | ||
1227 | 153 | + * the requested destination file glob. | ||
1228 | 154 | + */ | ||
1229 | 155 | + if ((src_copy = strdup(src)) == NULL) | ||
1230 | 156 | + fatal("strdup failed"); | ||
1231 | 157 | + if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { | ||
1232 | 158 | + *restrict_pattern++ = '\0'; | ||
1233 | 159 | + } | ||
1234 | 160 | + } | ||
1235 | 161 | for (first = 1;; first = 0) { | ||
1236 | 162 | cp = buf; | ||
1237 | 163 | if (atomicio(read, remin, cp, 1) != 1) | ||
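Review bot: with this hunk alone, a source with no `/` component leaves `restrict_pattern` NULL, because only the `strrchr(src_copy, '/') != NULL` branch sets it, so a request like `host:'*.txt'` gets no filename check at all while `host:./'*.txt'` does; `src_copy` is also never freed. Both are addressed by CVE-2019-6111-2.patch in this same series, which replaces this block with brace_expand() (handling the no-slash case with `else cp2 = cp;`) and frees under `done:`, so the two patches must stay in that order in debian/patches/series, as the `-` lines of 6111-2 depend on this exact text. Also record in the changelog that the check is gated on `!iamrecursive`: `scp -r` from a remote host is not protected by this fix.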
1238 | 164 | @@ -1078,6 +1096,9 @@ sink(int argc, char **argv) | ||
1239 | 165 | run_err("error: unexpected filename: %s", cp); | ||
1240 | 166 | exit(1); | ||
1241 | 167 | } | ||
1242 | 168 | + if (restrict_pattern != NULL && | ||
1243 | 169 | + fnmatch(restrict_pattern, cp, 0) != 0) | ||
1244 | 170 | + SCREWUP("filename does not match request"); | ||
1245 | 171 | if (targisdir) { | ||
1246 | 172 | static char *namebuf; | ||
1247 | 173 | static size_t cursize; | ||
1248 | 174 | @@ -1115,7 +1136,7 @@ sink(int argc, char **argv) | ||
1249 | 175 | goto bad; | ||
1250 | 176 | } | ||
1251 | 177 | vect[0] = xstrdup(np); | ||
1252 | 178 | - sink(1, vect); | ||
1253 | 179 | + sink(1, vect, src); | ||
1254 | 180 | if (setimes) { | ||
1255 | 181 | setimes = 0; | ||
1256 | 182 | if (utimes(vect[0], tv) < 0) | ||
1257 | diff --git a/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch b/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch | |||
1258 | 0 | new file mode 100644 | 183 | new file mode 100644 |
1259 | index 0000000..5f9fc47 | |||
1260 | --- /dev/null | |||
1261 | +++ b/debian/patches/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch | |||
1262 | @@ -0,0 +1,31 @@ | |||
1263 | 1 | From c9c1bba06ad1c7cad8548549a68c071bd807af60 Mon Sep 17 00:00:00 2001 | ||
1264 | 2 | From: "stsp@openbsd.org" <stsp@openbsd.org> | ||
1265 | 3 | Date: Tue, 23 Jan 2018 20:00:58 +0000 | ||
1266 | 4 | Subject: [PATCH] upstream commit | ||
1267 | 5 | |||
1268 | 6 | Fix a logic bug in sshd_exchange_identification which | ||
1269 | 7 | prevented clients using major protocol version 2 from connecting to the | ||
1270 | 8 | server. ok millert@ | ||
1271 | 9 | |||
1272 | 10 | OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 | ||
1273 | 11 | |||
1274 | 12 | Backport-Note: dropped the no-op file header change | ||
1275 | 13 | Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=c9c1bba06 | ||
1276 | 14 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1863930 | ||
1277 | 15 | Last-Update: 2020-03-03 | ||
1278 | 16 | |||
1279 | 17 | --- | ||
1280 | 18 | sshd.c | 4 ++-- | ||
1281 | 19 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
1282 | 20 | |||
1283 | 21 | --- a/sshd.c | ||
1284 | 22 | +++ b/sshd.c | ||
1285 | 23 | @@ -465,7 +465,7 @@ sshd_exchange_identification(struct ssh | ||
1286 | 24 | chop(server_version_string); | ||
1287 | 25 | debug("Local version string %.200s", server_version_string); | ||
1288 | 26 | |||
1289 | 27 | - if (remote_major != 2 || | ||
1290 | 28 | + if (remote_major != 2 && | ||
1291 | 29 | !(remote_major == 1 && remote_minor == 99)) { | ||
1292 | 30 | s = "Protocol major versions differ.\n"; | ||
1293 | 31 | (void) atomicio(vwrite, sock_out, s, strlen(s)); | ||
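Review bot: the `-` line of this hunk, `if (remote_major != 2 ||` followed by `!(remote_major == 1 && remote_minor == 99)) {`, is the text produced by lp-1863930-unbreak-clients-that-advertise-protocol.patch, so debian/patches/series must list the unbreak patch before this one or this hunk will not apply. The `||` form rejects every protocol-2 client (for remote_major == 2 the right-hand operand `!(2 == 1 && ...)` is true), which is the regression this patch fixes by switching to `&&`; after the change only major 2 and 1.99 pass the check, which is the intended set.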
1294 | diff --git a/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch b/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch | |||
1295 | 0 | new file mode 100644 | 32 | new file mode 100644 |
1296 | index 0000000..dbb035d | |||
1297 | --- /dev/null | |||
1298 | +++ b/debian/patches/lp-1863930-unbreak-clients-that-advertise-protocol.patch | |||
1299 | @@ -0,0 +1,31 @@ | |||
1300 | 1 | From 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec Mon Sep 17 00:00:00 2001 | ||
1301 | 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
1302 | 3 | Date: Tue, 23 Jan 2018 05:12:12 +0000 | ||
1303 | 4 | Subject: [PATCH] upstream commit | ||
1304 | 5 | |||
1305 | 6 | unbreak support for clients that advertise a protocol | ||
1306 | 7 | version of "1.99" (indicating both v2 and v1 support). Busted by me during | ||
1307 | 8 | SSHv1 purge in r1.358; bz2810, ok dtucker | ||
1308 | 9 | |||
1309 | 10 | OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b | ||
1310 | 11 | |||
1311 | 12 | Backport-Note: dropped the no-op file header change | ||
1312 | 13 | Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=9e9c4a7e5 | ||
1313 | 14 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1863930 | ||
1314 | 15 | Last-Update: 2020-03-03 | ||
1315 | 16 | |||
1316 | 17 | --- | ||
1317 | 18 | sshd.c | 4 ++-- | ||
1318 | 19 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
1319 | 20 | |||
1320 | 21 | --- a/sshd.c | ||
1321 | 22 | +++ b/sshd.c | ||
1322 | 23 | @@ -466,7 +466,7 @@ sshd_exchange_identification(struct ssh | ||
1323 | 24 | debug("Local version string %.200s", server_version_string); | ||
1324 | 25 | |||
1325 | 26 | if (remote_major != 2 || | ||
1326 | 27 | - (remote_major == 1 && remote_minor != 99)) { | ||
1327 | 28 | + !(remote_major == 1 && remote_minor == 99)) { | ||
1328 | 29 | s = "Protocol major versions differ.\n"; | ||
1329 | 30 | (void) atomicio(vwrite, sock_out, s, strlen(s)); | ||
1330 | 31 | close(sock_in); | ||
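Review bot: applied on its own, this hunk is incomplete: it rewrites the second line of the condition to `!(remote_major == 1 && remote_minor == 99)` but leaves `remote_major != 2 ||` on the line above, and `||` combined with the negated clause evaluates true for every `remote_major == 2` client, so a tree with only this patch applied refuses all protocol-2 connections. The `||` to `&&` half of the fix is carried separately in lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch, which must follow this patch in series. Either fold the two into a single patch, or extend the Backport-Note (currently only "dropped the no-op file header change") to say that this patch is not self-contained and name the patch that completes it.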
1331 | diff --git a/debian/patches/regress-2020.patch b/debian/patches/regress-2020.patch | |||
1332 | 0 | new file mode 100644 | 32 | new file mode 100644 |
1333 | index 0000000..b46e0df | |||
1334 | --- /dev/null | |||
1335 | +++ b/debian/patches/regress-2020.patch | |||
1336 | @@ -0,0 +1,44 @@ | |||
1337 | 1 | From df3ad29af495185aa9b051028ae94b965a4b1659 Mon Sep 17 00:00:00 2001 | ||
1338 | 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
1339 | 3 | Date: Fri, 3 Jan 2020 03:02:26 +0000 | ||
1340 | 4 | Subject: upstream: what bozo decided to use 2020 as a future date in a regress | ||
1341 | 5 | |||
1342 | 6 | test? | ||
1343 | 7 | |||
1344 | 8 | OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a | ||
1345 | 9 | |||
1346 | 10 | Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381 | ||
1347 | 11 | Last-Update: 2020-01-09 | ||
1348 | 12 | |||
1349 | 13 | Patch-Name: regress-2020.patch | ||
1350 | 14 | --- | ||
1351 | 15 | regress/cert-hostkey.sh | 2 +- | ||
1352 | 16 | regress/cert-userkey.sh | 2 +- | ||
1353 | 17 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
1354 | 18 | |||
1355 | 19 | diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh | ||
1356 | 20 | index 86ea62504..844adabcc 100644 | ||
1357 | 21 | --- a/regress/cert-hostkey.sh | ||
1358 | 22 | +++ b/regress/cert-hostkey.sh | ||
1359 | 23 | @@ -252,7 +252,7 @@ test_one() { | ||
1360 | 24 | test_one "user-certificate" failure "-n $HOSTS" | ||
1361 | 25 | test_one "empty principals" success "-h" | ||
1362 | 26 | test_one "wrong principals" failure "-h -n foo" | ||
1363 | 27 | -test_one "cert not yet valid" failure "-h -V20200101:20300101" | ||
1364 | 28 | +test_one "cert not yet valid" failure "-h -V20300101:20320101" | ||
1365 | 29 | test_one "cert expired" failure "-h -V19800101:19900101" | ||
1366 | 30 | test_one "cert valid interval" success "-h -V-1w:+2w" | ||
1367 | 31 | test_one "cert has constraints" failure "-h -Oforce-command=false" | ||
1368 | 32 | diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh | ||
1369 | 33 | index 38c14a698..5cd02fc3f 100644 | ||
1370 | 34 | --- a/regress/cert-userkey.sh | ||
1371 | 35 | +++ b/regress/cert-userkey.sh | ||
1372 | 36 | @@ -338,7 +338,7 @@ test_one() { | ||
1373 | 37 | test_one "correct principal" success "-n ${USER}" | ||
1374 | 38 | test_one "host-certificate" failure "-n ${USER} -h" | ||
1375 | 39 | test_one "wrong principals" failure "-n foo" | ||
1376 | 40 | -test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" | ||
1377 | 41 | +test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101" | ||
1378 | 42 | test_one "cert expired" failure "-n ${USER} -V19800101:19900101" | ||
1379 | 43 | test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" | ||
1380 | 44 | test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" | ||
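Review bot: the replacement window `-V20300101:20320101` is once more a hard-coded future date, so the "cert not yet valid" cases will start failing in the same way on 1 January 2030; a relative interval in the style these same scripts already use two lines lower (`-V-1w:+2w`), for instance `-V+1w:+2w` if this ssh-keygen accepts a positive relative start time, would avoid the recurrence. As an upstream test-only change carried verbatim it is acceptable as is, but the header deserves a second look: the `From df3ad29af495...` line and the `Origin: upstream, ...?id=ff31f15773ee...` URL name different commits, so confirm which one the patch was actually taken from.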
1381 | diff --git a/debian/patches/series b/debian/patches/series | |||
1382 | index 580b919..d8dd5ae 100644 | |||
1383 | --- a/debian/patches/series | |||
1384 | +++ b/debian/patches/series | |||
1385 | @@ -21,8 +21,26 @@ gnome-ssh-askpass2-icon.patch | |||
1386 | 21 | systemd-readiness.patch | 21 | systemd-readiness.patch |
1387 | 22 | debian-config.patch | 22 | debian-config.patch |
1388 | 23 | restore-authorized_keys2.patch | 23 | restore-authorized_keys2.patch |
1389 | 24 | <<<<<<< debian/patches/series | ||
1390 | 24 | revert-ipqos-defaults.patch | 25 | revert-ipqos-defaults.patch |
1391 | 25 | maxhostnamelen.patch | 26 | maxhostnamelen.patch |
1392 | 26 | conch-ssh-rsa.patch | 27 | conch-ssh-rsa.patch |
1393 | 27 | improve-zero-call-used-regs-detection.patch | 28 | improve-zero-call-used-regs-detection.patch |
1394 | 28 | sandbox-ppoll_time64.patch | 29 | sandbox-ppoll_time64.patch |
1395 | 30 | ======= | ||
1396 | 31 | seccomp-s390-flock-ipc.patch | ||
1397 | 32 | seccomp-getuid-geteuid.patch | ||
1398 | 33 | seccomp-s390-ioctl-ep11-crypto.patch | ||
1399 | 34 | permitopen-argument-handling.patch | ||
1400 | 35 | fix-regress-putty-transfer.patch | ||
1401 | 36 | CVE-2018-15473.patch | ||
1402 | 37 | CVE-2018-20685.patch | ||
1403 | 38 | CVE-2019-6111.patch | ||
1404 | 39 | CVE-2019-6109-1.patch | ||
1405 | 40 | CVE-2019-6109-2.patch | ||
1406 | 41 | CVE-2019-6111-2.patch | ||
1407 | 42 | regress-2020.patch | ||
1408 | 43 | lp-1863930-unbreak-clients-that-advertise-protocol.patch | ||
1409 | 44 | lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch | ||
1410 | 45 | 0001-upstream-preserve-group-world-read-permission-on-kno.patch | ||
1411 | 46 | >>>>>>> debian/patches/series |
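Review bot: the `<<<<<<< debian/patches/series`, `=======` and `>>>>>>> debian/patches/series` lines are unresolved merge-conflict markers and would be shipped in the packaged series file, where quilt would read each of them as a patch file name and fail to apply; the branch needs rebasing so that only the intended new entries are appended. The left-hand side of the conflict already carries newer entries (improve-zero-call-used-regs-detection.patch, sandbox-ppoll_time64.patch) while the right-hand side re-adds 2018/2019 CVE patches, which suggests the series was prepared against a different base than the proposed target branch. Once resolved, keep lp-1863930-unbreak-clients-that-advertise-protocol.patch before lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch, because the second patch's context line `!(remote_major == 1 && remote_minor == 99)` is introduced by the first.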