From patchwork Mon Apr 19 20:58:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 4191 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FPK1020prz44Qc for ; Mon, 19 Apr 2021 20:58:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FPK0z6s3yz1ZT; Mon, 19 Apr 2021 20:58:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FPK0z6S1Xz2yK5; Mon, 19 Apr 2021 20:58:43 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FPK0z2f0bz2xkX for ; Mon, 19 Apr 2021 20:58:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FPK0y4CK1z10D; Mon, 19 Apr 2021 20:58:42 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1618865922; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=3qMSTuQ2IetDqiGzoohl3uYFZPFPQ93wIMCNFZiCZ9s=; b=QpiaNKQ+5rW1bXomLG9Q3/hI8vMMKinkU8C0CPCCdnNn4/4cPfylimsJt7T7O+MjmYoaue fm1/e57y5wJR+FBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1618865922; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=3qMSTuQ2IetDqiGzoohl3uYFZPFPQ93wIMCNFZiCZ9s=; b=Kit3eqky0DJFUcmu/CBH9eWJC58bH3Jt/9RJadUrmczvVLaGIBUIYayc9V/YdC6Alv+Cc/ 88nGl2ux1Tk+iXNqBw2p5+0kdVVvNFHj/zFIwIQ5W+Inx3CCKRLdFza8tyRSgZN5rwQJkn AIg7ZU77H3D5sOV2/NzwkDjuv1NXuz/fFIlwYPqTZMIQlo9tOlrEpo7/IDirgpunYh9Na6 QJq5EeuVKb61IWfqAB2U75KwKMo3NMYgeU7wC+3fGVvmypMwtmpjyiAkx0VfSsbauluRDH tDljO4MjDtEg7mGT9xEiRygW8AwDAczoeoUdcnsp3Cpd8gz7uGvW9eyT9sAzLQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] openssh: Update to 8.6p1 Date: Mon, 19 Apr 2021 22:58:40 +0200 Message-Id: <20210419205840.2101477-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 8.5p1 to 8.6p1 - Update of rootfile not needed - Changelog Future deprecation notice It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm. OpenSSH will disable this signature scheme by default in the near future. Note that the deactivation of "ssh-rsa" signatures does not necessarily require cessation of use for RSA keys. In the SSH protocol, keys may be capable of signing using multiple algorithms. In particular, "ssh-rsa" keys are capable of signing using "rsa-sha2-256" (RSA/SHA256), "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of these is being turned off by default. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs that is still enabled by default. The better alternatives include: * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them. * The RFC8709 ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5. * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7. To check whether a server is using the weak ssh-rsa public key algorithm, for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list: ssh -oHostKeyAlgorithms=-ssh-rsa user@host If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded. OpenSSH recently enabled the UpdateHostKeys option by default to assist the client by automatically migrating to better algorithms. [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf Security * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this option was enabled with a set of patterns that activated logging in code that runs in the low-privilege sandboxed sshd process, the log messages were constructed in such a way that printf(3) format strings could effectively be specified the low-privilege code. An attacker who had sucessfully exploited the low-privilege process could use this to escape OpenSSH's sandboxing and attack the high-privilege process. Exploitation of this weakness is highly unlikely in practice as the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. Thanks to Ilja Van Sprundel for reporting this bug. Changes since OpenSSH 8.5 This release contains mostly bug fixes. New features * sftp-server(8): add a new limits@openssh.com protocol extension that allows a client to discover various server limits, including maximum packet size and maximum read/write length. * sftp(1): use the new limits@openssh.com extension (when available) to select better transfer lengths in the client. * sshd(8): Add ModuliFile keyword to sshd_config to specify the location of the "moduli" file containing the groups for DH-GEX. * unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to enable printing of the elapsed time in seconds of each test. Bugfixes * ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in manual pages with the current default. GHPR174 * ssh(1): ensure that pkcs11_del_provider() is called before exit. GHPR234 * ssh(1), sshd(8): fix problems in string->argv conversion. Multiple backslashes were not being dequoted correctly and quoted space in the middle of a string was being incorrectly split. GHPR223 * ssh(1): return non-zero exit status when killed by signal; bz#3281 * sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum packet size. Also handle zero-length reads that are not explicitly banned by the spec. Portability * sshd(8): don't mistakenly exit on transient read errors on the network socket (e.g. EINTR, EAGAIN); bz3297 * Create a dedicated contrib/gnome-ssk-askpass3.c source instead of building it from the same file as used for GNOME2. Use the GNOME3 gdk_seat_grab() to manage keyboard/mouse/server grabs for better compatibility with Wayland. * Fix portability build errors bz3293 bz3292 bz3291 bz3278 * sshd(8): soft-disallow the fstatat64 syscall in the Linux seccomp-bpf sandbox. bz3276 * unit tests: enable autoopt and misc unit tests that were previously skipped Signed-off-by: Adolf Belka --- lfs/openssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 2a07d9e65..3117e996c 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 8.5p1 +VER = 8.6p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9eb9420cf587edc26f8998ab679ad390 +$(DL_FILE)_MD5 = 805f7048aec6dd752584e570383a6f00 install : $(TARGET)