Date: Thursday, July 23, 2015 @ 04:38:36 Author: bisson Revision: 242452
fix https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ Added: openssh/trunk/keyboard-interactive.patch Modified: openssh/trunk/PKGBUILD ----------------------------+ PKGBUILD | 9 ++++++- keyboard-interactive.patch | 52 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-07-23 00:53:11 UTC (rev 242451) +++ PKGBUILD 2015-07-23 02:38:36 UTC (rev 242452) @@ -5,7 +5,7 @@ pkgname=openssh pkgver=6.9p1 -pkgrel=1 +pkgrel=2 pkgdesc='Free version of the SSH connectivity tools' url='http://www.openssh.org/portable.html' license=('custom:BSD') @@ -16,6 +16,7 @@ 'x11-ssh-askpass: input passphrase in X') validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30') source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc} + 'keyboard-interactive.patch' 'sshdgenkeys.service' '[email protected]' 'sshd.service' @@ -23,6 +24,7 @@ 'sshd.conf' 'sshd.pam') sha1sums=('86ab57f00d0fd9bf302760f2f6deac1b6e9df265' 'SKIP' + 'ef9e9327a943839abb3d202783b318e9cd2bdcd5' 'cc1ceec606c98c7407e7ac21ade23aed81e31405' '6a0ff3305692cf83aca96e10f3bb51e1c26fccda' 'ec49c6beba923e201505f5669cea48cad29014db' @@ -34,6 +36,11 @@ install=install +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../keyboard-interactive.patch +} + build() { cd "${srcdir}/${pkgname}-${pkgver}" Added: keyboard-interactive.patch =================================================================== --- keyboard-interactive.patch (rev 0) +++ keyboard-interactive.patch 2015-07-23 02:38:36 UTC (rev 242452) @@ -0,0 +1,52 @@ +From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001 +From: "[email protected]" <[email protected]> +Date: Sat, 18 Jul 2015 07:57:14 +0000 +Subject: upstream commit + +only query each keyboard-interactive device once per + authentication request regardless of how many times it is listed; ok markus@ + +Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 +--- + auth2-chall.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/auth2-chall.c b/auth2-chall.c +index ddabe1a..4aff09d 100644 +--- a/auth2-chall.c ++++ b/auth2-chall.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ ++/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ + /* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2001 Per Allansson. All rights reserved. +@@ -83,6 +83,7 @@ struct KbdintAuthctxt + void *ctxt; + KbdintDevice *device; + u_int nreq; ++ u_int devices_done; + }; + + #ifdef USE_PAM +@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) + if (len == 0) + break; + for (i = 0; devices[i]; i++) { +- if (!auth2_method_allowed(authctxt, ++ if ((kbdintctxt->devices_done & (1 << i)) != 0 || ++ !auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; +- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) ++ if (strncmp(kbdintctxt->devices, devices[i]->name, ++ len) == 0) { + kbdintctxt->device = devices[i]; ++ kbdintctxt->devices_done |= 1 << i; ++ } + } + t = kbdintctxt->devices; + kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; +-- +cgit v0.11.2 +
