diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2024-07-02 09:08:13 -0700 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2024-07-02 09:10:56 -0700 |
| commit | 82c70bd1c2dbe11711390d24b0666cb31f5c4222 (patch) | |
| tree | 7317897781c1b83dc3d74108b16bce4372c8d1c3 | |
| parent | 00d95e461537c28fd5c44ae4a61830b0e0dca139 (diff) | |
security/openssh-portable: Bring in patches for recent CVES
Source: https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html
PR: 280068
(cherry picked from commit 7b31ce1eeeb40098b213a153e10530a196b52322)
| -rw-r--r-- | security/openssh-portable/Makefile | 2 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-9.8-cves | 56 |
2 files changed, 57 insertions, 1 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index ccf46bb23850..9b1d44580f94 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh DISTVERSION= 9.7p1 -PORTREVISION= 0 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable diff --git a/security/openssh-portable/files/patch-9.8-cves b/security/openssh-portable/files/patch-9.8-cves new file mode 100644 index 000000000000..2e47d586edcd --- /dev/null +++ b/security/openssh-portable/files/patch-9.8-cves @@ -0,0 +1,56 @@ +https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html + +Damien Miller djm at mindrot.org +Mon Jul 1 18:21:11 AEST 2024 +Previous message (by thread): Announce: OpenSSH 9.8 released +Next message (by thread): Announce: OpenSSH 9.8 released +Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] +Hi, + +Regarding the race condition fixed in OpenSSH 9.8. A mitigation to +prevent exploitation of this bug is to disable the login grace timer +by setting LoginGraceTime=0 in sshd_config. This will however make +it much easier for an attacker to deny service to sshd. + +Similarly, the much more minor keystroke timing bug can be avoided +by disabling the feature using ObscureKeystrokeTiming=0. + +Some users will understandably prefer to patch their OpenSSH rather +than upgrade to the newest version, so here are minimal patches for +both problems. + +1) Critical race condition in sshd + +2) Minor logic error in ObscureKeystrokeTiming + +--- log.c.orig 2024-07-02 09:05:35.023051000 -0700 ++++ log.c 2024-07-02 09:05:54.881067000 -0700 +@@ -451,12 +451,14 @@ sshsigdie(const char *file, const char *func, int line + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#ifdef SYSLOG_R_SAFE_IN_SIGHAND + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + +--- clientloop.c.orig 2024-07-02 09:06:09.736347000 -0700 ++++ clientloop.c 2024-07-02 09:06:41.414979000 -0700 +@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct tim + if (timespeccmp(&now, &chaff_until, >=)) { + /* Stop if there have been no keystrokes for a while */ + stop_reason = "chaff time expired"; +- } else if (timespeccmp(&now, &next_interval, >=)) { +- /* Otherwise if we were due to send, then send chaff */ ++ } else if (timespeccmp(&now, &next_interval, >=) && ++ !ssh_packet_have_data_to_write(ssh)) { ++ /* If due to send but have no data, then send chaff */ + if (send_chaff(ssh)) + nchaff++; + } |