Hello community, here is the log from the commit of package pam_ssh for openSUSE:Factory checked in at 2013-05-13 15:10:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam_ssh (Old) and /work/SRC/openSUSE:Factory/.pam_ssh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam_ssh" Changes: -------- --- /work/SRC/openSUSE:Factory/pam_ssh/pam_ssh.changes 2013-01-14 11:14:41.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pam_ssh.new/pam_ssh.changes 2013-05-13 15:10:59.000000000 +0200 @@ -1,0 +2,10 @@ +Mon Apr 29 10:39:54 UTC 2013 - [email protected] + +- update to 1.98 + * bugfix update obsoleting + - pam_ssh-1.97-empty_passphrase_segfault.patch + - pam_ssh-1.97-setgid.patch + - pam_ssh-1.97-sigmask.patch + - pam_ssh-double-free.patch + +------------------------------------------------------------------- Old: ---- pam_ssh-1.97-empty_passphrase_segfault.patch pam_ssh-1.97-setgid.patch pam_ssh-1.97-sigmask.patch pam_ssh-1.97.tar.bz2 pam_ssh-double-free.patch New: ---- pam_ssh-1.98.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ssh.spec ++++++ --- /var/tmp/diff_new_pack.yEAJS6/_old 2013-05-13 15:11:00.000000000 +0200 +++ /var/tmp/diff_new_pack.yEAJS6/_new 2013-05-13 15:11:00.000000000 +0200 @@ -21,7 +21,7 @@ BuildRequires: openssh BuildRequires: openssl-devel BuildRequires: pam-devel -Version: 1.97 +Version: 1.98 Release: 0 Summary: PAM Module for SSH Authentication License: BSD-3-Clause @@ -29,11 +29,6 @@ Url: http://sourceforge.net/projects/pam-ssh/ Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf -Patch0: pam_ssh-double-free.patch -Patch1: pam_ssh-1.97-setgid.patch -Patch2: pam_ssh-1.97-sigmask.patch -# PATCH-FIX-OPENSUSE crashed on EOF passphrase (bnc#741541) -Patch3: pam_ssh-1.97-empty_passphrase_segfault.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -44,13 +39,9 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p0 -%patch3 -p1 %build -autoreconf --verbose --force --install +#autoreconf --verbose --force --install export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %configure --libdir=/%{_lib} \ --with-pamdir=/%{_lib}/security ++++++ pam_ssh-1.97.tar.bz2 -> pam_ssh-1.98.tar.bz2 ++++++ ++++ 53544 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/ChangeLog new/pam_ssh-1.98/ChangeLog --- old/pam_ssh-1.97/ChangeLog 2009-04-11 21:37:43.000000000 +0200 +++ new/pam_ssh-1.98/ChangeLog 2013-04-29 12:24:46.000000000 +0200 
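Review bot: Commenting out `autoreconf --verbose --force --install` in %build means the package now runs the pre-generated `configure` shipped inside pam_ssh-1.98.tar.bz2. This comparison explicitly leaves that file out (`--exclude configure`), so the script that runs at build time is no longer derived from the `configure.ac` that is diffed here. If the step is obsolete because no remaining patch touches the build system, delete the line rather than leaving dead code, and record the reason, e.g. `# no local patches touch configure.ac/Makefile.am; the shipped configure is used as-is`. Otherwise keep autoreconf so the build scripts are regenerated from the reviewed sources.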
@@ -1,3 +1,26 @@ +Version 1.98 released +===================== +2013-04-29 Wolfgang Rosenauer + + * pam_ssh.c: Under some conditions, there is a double-free bug + in pam_ssh. The data of the "ssh_agent_env_agent" + pam_handle_t's item may have been free'd without being + nullified, which trigger a bug on the cleanup phase. + (ticket #13 double-free bug with pam_ssh-1.97) + + * pam_ssh.c: Before executing ssh-agent, pam_ssh restores root + privileges with openpam_restore_cred, then uses only setuid + to adjust privileges. Thus ssh-agent runs with gid 0. + (ticket #12 pam_ssh doesn't set gid/groups before executing ssh-agent) + + * pam_ssh.c: Clear signal mask before executing ssh-agent as + pam_ssh code can be called from kdm with blocked TERM signal + which would be inherited by ssh-agent + + * pam_get_pass.c: fixed crash caused by EOF password + (ticket 14 pam_ssh segfaults on abort with empty password) + + Version 1.97 released ===================== 2009-04-11 Wolfgang Rosenauer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/NEWS new/pam_ssh-1.98/NEWS --- old/pam_ssh-1.97/NEWS 2009-04-11 21:43:44.000000000 +0200 +++ new/pam_ssh-1.98/NEWS 2013-04-29 12:24:46.000000000 +0200 
@@ -1,9 +1,28 @@ -$Id: NEWS,v 1.12 2009/04/11 19:43:44 rosenauer Exp $ +Version 1.98 +============ + +Fixed some possible crashes and minor issues: + +* Under some conditions, there is a double-free bug + in pam_ssh. The data of the "ssh_agent_env_agent" + pam_handle_t's item may have been free'd without being + nullified, which trigger a bug on the cleanup phase. + (ticket #13 double-free bug with pam_ssh-1.97) +* Before executing ssh-agent, pam_ssh restores root + privileges with openpam_restore_cred, then uses only setuid + to adjust privileges. Thus ssh-agent runs with gid 0. + (ticket #12 pam_ssh doesn't set gid/groups before executing ssh-agent) +* Clear signal mask before executing ssh-agent as + pam_ssh code can be called from kdm with blocked TERM signal + which would be inherited by ssh-agent +* fixed crash caused by EOF password + (ticket 14 pam_ssh segfaults on abort with empty password) + Version 1.97 ============ -SECURITY FIX: pam_ssh used a certain prompt if a user found to exist +SECURITY FIX: pam_ssh used a certain prompt if a user found to exist to ask for the SSH passphrase explicitely depending on whether the username was valid or invalid, which made it easier for remote attackers to enumerate usernames. (CVE-2009-1273) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/config.h.in new/pam_ssh-1.98/config.h.in --- old/pam_ssh-1.97/config.h.in 2008-05-12 20:57:12.000000000 +0200 +++ new/pam_ssh-1.98/config.h.in 2013-04-29 12:24:46.000000000 +0200 @@ -83,6 +83,10 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + /* Name of package */ #undef PACKAGE 
@@ -98,6 +102,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION @@ -116,13 +123,13 @@ /* Define to `int' if <sys/types.h> doesn't define. */ #undef gid_t -/* Define to `long' if <sys/types.h> does not define. */ +/* Define to `long int' if <sys/types.h> does not define. */ #undef off_t /* Define to `int' if <sys/types.h> does not define. */ #undef pid_t -/* Define to `unsigned' if <sys/types.h> does not define. */ +/* Define to `unsigned int' if <sys/types.h> does not define. */ #undef size_t /* Define to `int' if <sys/types.h> doesn't define. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/configure.ac new/pam_ssh-1.98/configure.ac --- old/pam_ssh-1.97/configure.ac 2009-04-11 21:43:44.000000000 +0200 +++ new/pam_ssh-1.98/configure.ac 2013-04-29 12:24:46.000000000 +0200 
@@ -23,16 +23,15 @@ dnl OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF dnl SUCH DAMAGE. dnl -dnl $Id: configure.ac,v 1.12 2009/04/11 19:43:44 rosenauer Exp $ dnl Process this file with autoconf to produce a configure script. -AC_INIT([pam_ssh],[1.97],[[email protected]]) +AC_INIT([pam_ssh],[1.98],[[email protected]]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_SRCDIR([pam_ssh.c]) AC_CANONICAL_TARGET([]) AM_DISABLE_STATIC -AM_INIT_AUTOMAKE(pam_ssh, 1.97) +AM_INIT_AUTOMAKE(pam_ssh, 1.98) AM_PROG_LIBTOOL AC_SUBST(LIBTOOL_DEPS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/pam_get_pass.c new/pam_ssh-1.98/pam_get_pass.c --- old/pam_ssh-1.97/pam_get_pass.c 2009-04-11 21:31:31.000000000 +0200 +++ new/pam_ssh-1.98/pam_get_pass.c 2013-04-29 12:24:46.000000000 +0200 @@ -63,6 +63,8 @@ retval = conv->conv(1, msgs, &resp, conv->appdata_ptr); if (retval != PAM_SUCCESS) return retval; + if (resp[0].resp == NULL) + return PAM_AUTHTOK_RECOVERY_ERR; retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp); if (retval != PAM_SUCCESS) return retval; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/pam_ssh.c new/pam_ssh-1.98/pam_ssh.c --- old/pam_ssh-1.97/pam_ssh.c 2008-05-12 20:57:12.000000000 +0200 +++ new/pam_ssh-1.98/pam_ssh.c 2013-04-29 12:24:46.000000000 +0200 @@ -43,6 +43,7 @@ #include <sys/cdefs.h> #include <sys/param.h> #include <sys/stat.h> +#include <sys/types.h> #include <config.h> #if HAVE_SYS_WAIT_H # include <sys/wait.h> 
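Review bot: The new guard in pam_get_pass.c tests `resp[0].resp` but still indexes `resp` without checking it, and the early return leaves without releasing the `resp` array that the conversation function allocated. A conversation callback that reports PAM_SUCCESS while leaving the response array NULL would still crash on this line, so the check could read `if (resp == NULL || resp[0].resp == NULL) { free(resp); return PAM_AUTHTOK_RECOVERY_ERR; }`. The `pam_set_item` failure return directly below appears to have a related gap, since it returns while `resp[0].resp` still holds the passphrase, neither wiped nor freed. The function continues outside the hunk, so how the success path releases `resp` cannot be confirmed from here.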
@@ -67,6 +68,7 @@ #include <sysexits.h> #include <unistd.h> #include <time.h> +#include <grp.h> #define PAM_SM_AUTH #define PAM_SM_SESSION @@ -554,6 +556,7 @@ time_t file_ctime; /* creation time of per-agent file */ time_t time_now; /* current time */ time_t time_up; /* uptime */ + sigset_t sigmask; /* blocked signal mask */ memset(&options, 0, sizeof options); pam_std_option(&options, other_options, argc, argv); @@ -625,9 +628,9 @@ pam_ssh_log(LOG_DEBUG, "per_agent file already exists"); /* invalidate the status files if the reboot time was later * than the file creation time */ - if (retval = stat(per_agent, &stat_buf)) { + if ((retval = stat(per_agent, &stat_buf))) { pam_ssh_log(LOG_ERR, "stat() failed on %s", per_agent); - free(per_agent); + pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); fclose(env_read); return retval; } @@ -646,7 +649,7 @@ if (start_agent) { if ((env_write = open(per_agent, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)) < 0) { pam_ssh_log(LOG_ERR, "can't write to %s", per_agent); - free(per_agent); + pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL); openpam_restore_cred(pamh); return PAM_SERVICE_ERR; } @@ -684,7 +687,8 @@ _exit(EX_OSERR); /* NOTREACHED */ case PAM_SUCCESS: - if (setuid(pwent->pw_uid) == -1) { + if (initgroups(pwent->pw_name, pwent->pw_gid) == -1 || + setgid(pwent->pw_gid) == -1 || setuid(pwent->pw_uid) == -1) { pam_ssh_log(LOG_ERR, "can't drop privileges: %m", pwent->pw_uid); 
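Review bot: In the stat() failure branch, `if ((retval = stat(per_agent, &stat_buf)))` stores stat()'s result in `retval` and `return retval;` then hands it back as the PAM result, so the caller receives -1 instead of a PAM_* code. The open() failure branch in the following hunk returns `PAM_SERVICE_ERR`, and this branch should do the same, e.g. `if (stat(per_agent, &stat_buf) != 0) { ... return PAM_SERVICE_ERR; }`. Both branches also ignore the result of the new `pam_set_data(pamh, "ssh_agent_env_agent", NULL, NULL)` call. If `per_agent` is the data owned by that item, as the ChangeLog entry suggests, it must be treated as dangling after the call; a one-line comment saying so would guard against a later edit reusing it. The enclosing function starts and ends outside these hunks.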
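Review bot: The failure log for the privilege drop, `pam_ssh_log(LOG_ERR, "can't drop privileges: %m", pwent->pw_uid);`, passes `pwent->pw_uid` with no conversion to consume it (assuming pam_ssh_log is printf-style). With three calls now chained by `||`, it also no longer says which step failed. Logging the target ids would help triage, e.g. `"can't drop privileges to uid %lu gid %lu: %m"` with `(unsigned long)` casts, or the condition could be split into one check per call. The order initgroups, setgid, setuid is the correct one. A short comment above the condition, such as `/* groups and gid must be set before setuid(); they cannot be changed once uid is dropped */`, would keep the order from being reshuffled later. The case body continues past the end of the hunk.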
@@ -707,6 +711,10 @@ _exit(EX_OSERR); } } + + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + arg[0] = "ssh-agent"; arg[1] = "-s"; arg[2] = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/pam_ssh-1.97/pam_ssh.spec new/pam_ssh-1.98/pam_ssh.spec --- old/pam_ssh-1.97/pam_ssh.spec 2009-04-11 21:42:33.000000000 +0200 +++ new/pam_ssh-1.98/pam_ssh.spec 2013-04-29 12:24:46.000000000 +0200 @@ -4,7 +4,7 @@ BuildRequires: pam-devel License: BSD Group: Productivity/Networking/SSH -Version: 1.97 +Version: 1.98 Release: 1 Summary: A Pluggable Authentication Module (PAM) for use with SSH. URL: http://sourceforge.net/projects/pam-ssh/ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
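Review bot: The `sigprocmask(SIG_SETMASK, &sigmask, NULL);` call added before the exec ignores its return value and has no comment, so the reason for it is recorded only in the ChangeLog. I would put `/* callers such as kdm may have SIGTERM blocked; do not let ssh-agent inherit the mask */` above `sigemptyset(&sigmask);` and log a failure of the call. The mask is only part of what survives exec, because dispositions set to SIG_IGN are inherited as well. If the calling application may ignore signals, resetting them to SIG_DFL here would complete the fix. This diff adds `<sys/types.h>` and `<grp.h>` but no `<signal.h>`; presumably it is already included in a part of pam_ssh.c that is not visible here.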
