Hello community, here is the log from the commit of package openssh for openSUSE:Leap:15.2 checked in at 2020-03-02 17:21:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/openssh (Old) and /work/SRC/openSUSE:Leap:15.2/.openssh.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Mon Mar 2 17:21:40 2020 rev:63 rq:780493 version:8.1p1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/openssh/openssh.changes 2020-02-13 14:40:39.405650726 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.openssh.new.26092/openssh.changes 2020-03-02 17:21:46.682113172 +0100 @@ -1,0 +2,16 @@ +Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <[email protected]> + +- Add patches to fix the sandbox blocking glibc on 32bit platforms + (boo#1164061): + * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch + * openssh-8.1p1-seccomp-clock_gettime64.patch + +------------------------------------------------------------------- +Tue Feb 11 02:20:32 UTC 2020 - Hans Petter Jansson <[email protected]> + +- Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This + performs key derivation using OpenSSL's SSHKDF facility, which + allows OpenSSH to benefit from the former's FIPS certification + status. + +------------------------------------------------------------------- @@ -209 +225,4 @@ - attack. However, the code was broken since the upgrade to 7.6p1. + attack. + The code was broken since the upgrade to 7.6p1, but nobody noticed. + As apparently no one needs the functionality any more, let's drop + the patch. @@ -237,0 +257 @@ + * Removed openssh-7.9p1-scp-name-validator.patch @@ -247,6 +266,0 @@ -Wed Jan 30 14:18:03 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> - -- Revert recent patch that introduces regressions [bsc#1123028] - * Removed openssh-7.9p1-scp-name-validator.patch - -------------------------------------------------------------------- @@ -288,2 +302 @@ - * Added patch openssh-7.6p1-scp-name-validator.patch renamed as - openssh-7.9p1-scp-name-validator.patch + * Added patch openssh-7.9p1-scp-name-validator.patch @@ -316,7 +328,0 @@ -Mon Nov 19 16:03:08 UTC 2018 - Vítězslav Čížek <[email protected]> - -- Revert fix for CVE-2018-15919 which broke GSSAPI authentication - (bsc#1115654, boo#1116577) - * drop openssh-7.6p1-bsc_1111776-CVE-2018-15919.patch - -------------------------------------------------------------------- @@ -329,14 +334,0 @@ -Fri Oct 26 14:51:21 UTC 2018 - Jason Sikes <[email protected]> - -- Stop leaking File descriptors - *(bsc#964336) - * edited openssh-7.7p1-fips_checks.patch - -------------------------------------------------------------------- -Fri Oct 26 14:01:01 UTC 2018 - Jason Sikes <[email protected]> - -- Security fix for user enumeration via auth2-gss.c - *(bsc#1106163) - * [openssh-7.6p1-bsc_1111776-CVE-2018-15919.patch] - -------------------------------------------------------------------- @@ -401,6 +392,0 @@ -Fri Oct 19 12:36:22 UTC 2018 - Pedro Monreal Gonzalez <[email protected]> - -- sftp-client.c returns wrong error code upon failure [bsc#1091396] - * Added openssh-7.6p1-sftp-client-return-code.patch - -------------------------------------------------------------------- @@ -427,15 +412,0 @@ - -------------------------------------------------------------------- -Wed Oct 10 11:24:17 UTC 2018 - Pedro Monreal Gonzalez <[email protected]> - -- added pam_keyinit to pam configuration file [bsc#1081947] - -------------------------------------------------------------------- -Tue Oct 9 15:38:38 UTC 2018 - Pedro Monreal <[email protected]> - -- Security fix [CVE-2018-15473, bsc#1105010] - * OpenSSH through 7.7 is prone to a user enumeration vulnerability - due to not delaying bailout for an invalid authenticating user - until after the packet containing the request has been fully - parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. - * Added patch openssh-7.6p1-CVE-2018-15473.patch New: ---- openssh-8.1p1-seccomp-clock_gettime64.patch openssh-8.1p1-seccomp-clock_nanosleep_time64.patch openssh-8.1p1-use-openssl-kdf.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.o73qMb/_old 2020-03-02 17:21:47.522114791 +0100 +++ /var/tmp/diff_new_pack.o73qMb/_new 2020-03-02 17:21:47.526114799 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.o73qMb/_old 2020-03-02 17:21:47.542114830 +0100 +++ /var/tmp/diff_new_pack.o73qMb/_new 2020-03-02 17:21:47.546114837 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -69,6 +69,7 @@ Patch14: openssh-7.7p1-seccomp_stat.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Patch15: openssh-7.7p1-seccomp_ipc_flock.patch +# https://bugzilla.mindrot.org/show_bug.cgi?id=2752 # Local FIPS patchset Patch17: openssh-7.7p1-fips.patch # Local cavs patchset @@ -99,6 +100,9 @@ Patch34: openssh-7.9p1-keygen-preserve-perms.patch Patch35: openssh-7.9p1-revert-new-qos-defaults.patch Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch +Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch +Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch +Patch39: openssh-8.1p1-use-openssl-kdf.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff ++++++ openssh-8.1p1-audit.patch ++++++ --- /var/tmp/diff_new_pack.o73qMb/_old 2020-03-02 17:21:47.726115184 +0100 +++ /var/tmp/diff_new_pack.o73qMb/_new 2020-03-02 17:21:47.730115192 +0100 @@ -1,14 +1,8 @@ -commit b80e8a5be8699fa8fad5449fdda93b6e88906fe3 -Author: Hans Petter Jansson <[email protected]> -Date: Tue Feb 4 18:34:01 2020 +0100 - - Patch 24: openssh-8.1p1-audit.patch - diff --git a/Makefile.in b/Makefile.in -index a2e6a61..224e3b5 100644 +index 02bafbc..4ee4ab2 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -105,7 +105,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ +@@ -110,7 +110,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kexgexc.o kexgexs.o \ sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ kexgssc.o \ @@ -2051,7 +2045,7 @@ void session_close(struct ssh *, Session *); void do_setusercontext(struct passwd *); diff --git a/sshd.c b/sshd.c -index 5a65097..ac3dec0 100644 +index 0d5c4c4..dca7b1e 100644 --- a/sshd.c +++ b/sshd.c @@ -124,6 +124,7 @@ @@ -2295,19 +2289,16 @@ #endif _exit(i); diff --git a/sshkey.c b/sshkey.c -index 4d2048b..85a87cf 100644 +index 4d2048b..142dc09 100644 --- a/sshkey.c +++ b/sshkey.c -@@ -340,6 +340,41 @@ sshkey_type_is_valid_ca(int type) +@@ -340,6 +340,38 @@ sshkey_type_is_valid_ca(int type) } } +int +sshkey_is_private(const struct sshkey *k) +{ -+ if (k == NULL) -+ return 0; -+ + switch (k->type) { +#ifdef WITH_OPENSSL + case KEY_RSA_CERT: ++++++ openssh-8.1p1-seccomp-clock_gettime64.patch ++++++ >From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001 From: Khem Raj <[email protected]> Date: Tue, 7 Jan 2020 16:26:45 -0800 Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox. This helps sshd accept connections on mips platforms with upcoming glibc ( 2.31 ) --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 3ef30c9d5..999c46c9f 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_clock_nanosleep_time64 SC_ALLOW(__NR_clock_nanosleep_time64), #endif +#ifdef __NR_clock_gettime64 + SC_ALLOW(__NR_clock_gettime64), +#endif #ifdef __NR__newselect SC_ALLOW(__NR__newselect), #endif ++++++ openssh-8.1p1-seccomp-clock_nanosleep_time64.patch ++++++ >From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001 From: Darren Tucker <[email protected]> Date: Mon, 16 Dec 2019 13:55:56 +1100 Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox. Needed on Linux ARM. bz#3100, patch from [email protected]. --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) Index: openssh-8.1p1/sandbox-seccomp-filter.c =================================================================== --- openssh-8.1p1.orig/sandbox-seccomp-filter.c +++ openssh-8.1p1/sandbox-seccomp-filter.c @@ -251,6 +251,9 @@ static const struct sock_filter preauth_ #ifdef __NR_clock_nanosleep SC_ALLOW(__NR_clock_nanosleep), #endif +#ifdef __NR_clock_nanosleep_time64 + SC_ALLOW(__NR_clock_nanosleep_time64), +#endif #ifdef __NR__newselect SC_ALLOW(__NR__newselect), #endif ++++++ openssh-8.1p1-use-openssl-kdf.patch ++++++ diff --git a/kex.c b/kex.c index 96e44a5..7cd37d6 100644 --- a/kex.c +++ b/kex.c @@ -38,6 +38,7 @@ #ifdef WITH_OPENSSL #include <openssl/crypto.h> #include <openssl/dh.h> +#include <openssl/kdf.h> #endif #include "ssh.h" @@ -1109,8 +1110,92 @@ kex_choose_conf(struct ssh *ssh) return r; } +#ifdef WITH_OPENSSL + +static const EVP_MD * +get_openssl_md_for_hash_alg (int hash_alg) +{ + if (hash_alg < 0 || hash_alg >= SSH_DIGEST_MAX) + return NULL; + + switch (hash_alg) + { + case SSH_DIGEST_MD5: + return EVP_md5(); + case SSH_DIGEST_SHA1: + return EVP_sha1(); + case SSH_DIGEST_SHA256: + return EVP_sha256(); + case SSH_DIGEST_SHA384: + return EVP_sha384(); + case SSH_DIGEST_SHA512: + return EVP_sha512(); + default: + break; + } + + return NULL; +} + static int -derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, +derive_key_via_openssl(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, + const struct sshbuf *shared_secret, u_char **keyp) +{ + struct kex *kex = ssh->kex; + EVP_KDF_CTX *hashctx = NULL; + const EVP_MD *md = NULL; + u_char *digest = NULL; + int r = SSH_ERR_LIBCRYPTO_ERROR; + + hashctx = EVP_KDF_CTX_new_id (EVP_KDF_SSHKDF); + if (!hashctx) + goto out; + + md = get_openssl_md_for_hash_alg (kex->hash_alg); + if (!md) + goto out; + + if (EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_MD, + md) != 1 + || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_KEY, + sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) != 1 + || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, + (int) id) != 1 + || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, + hash, (size_t) hashlen) != 1 + || EVP_KDF_ctrl (hashctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, + kex->session_id, (size_t) kex->session_id_len) != 1) + goto out; + + digest = calloc (1, need); + if (!digest) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if (EVP_KDF_derive (hashctx, digest, need) != 1) + goto out; + + *keyp = digest; + digest = NULL; + r = 0; + + out: + if (hashctx) + EVP_KDF_CTX_free(hashctx); + + if (digest) + free(digest); + + return r; +} + +#else +# error This version of openssh must be built with openssl to benefit from FIPS certification. +#endif + +static int +derive_key_via_internal(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, const struct sshbuf *shared_secret, u_char **keyp) { struct kex *kex = ssh->kex; @@ -1174,6 +1259,50 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, return r; } +/* Belt and suspenders; we want the output from openssl because it's FIPS certified. However, + * if there's a bug in the implementation, we should not proceed. Minimize risk by requiring + * the implementations agree. */ +static int +derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, + const struct sshbuf *shared_secret, u_char **keyp) +{ +#ifdef WITH_OPENSSL + + u_char *buf_openssl = NULL, *buf_internal = NULL; + int r; + + r = derive_key_via_openssl (ssh, id, need, hash, hashlen, shared_secret, &buf_openssl); + if (r != 0) + goto out; + + r = derive_key_via_internal (ssh, id, need, hash, hashlen, shared_secret, &buf_internal); + if (r != 0) + goto out; + + if (memcmp (buf_openssl, buf_internal, need)) + { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + + *keyp = buf_openssl; + buf_openssl = NULL; + + out: + if (buf_openssl) + free (buf_openssl); + if (buf_internal) + free (buf_internal); + + return r; + +#else + + return derive_key_via_internal (ssh, id, need, hash, hashlen, shared_secret, keyp); + +#endif +} + #define NKEYS 6 int kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
