diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-03-04 14:23:19 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-03-04 15:12:14 +0000 |
commit | 07fc0a9367151053d9b6e8ab68fdb3c7501a4873 (patch) | |
tree | b7d1ae41dce5b6227bef0d863990cc2d610a7fc2 | |
parent | ec414afd222af60156b4bae6021647de7b032675 (diff) | |
download | aports-07fc0a9367151053d9b6e8ab68fdb3c7501a4873.tar.bz2 aports-07fc0a9367151053d9b6e8ab68fdb3c7501a4873.tar.xz |
main/openssh: security fixes
CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
Rebased HPN patch, included upstream patch due regression bug due to CVE-2019-6109 fix
Fixes #10000
-rw-r--r-- | main/openssh/APKBUILD | 33 | ||||
-rw-r--r-- | main/openssh/CVE-2018-20685.patch | 36 | ||||
-rw-r--r-- | main/openssh/CVE-2019-6109.patch | 278 | ||||
-rw-r--r-- | main/openssh/CVE-2019-6111.patch | 197 | ||||
-rw-r--r-- | main/openssh/have-progressmeter-force-update-at-beginning-and-end-transfer.patch | 124 | ||||
-rw-r--r-- | main/openssh/openssh7.4-dynwindows.patch | 17 | ||||
-rw-r--r-- | main/openssh/openssh7.4-peaktput.patch | 19 |
7 files changed, 677 insertions, 27 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index a948b1f3c7..114e8f154b 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -3,7 +3,7 @@ pkgname=openssh pkgver=7.5_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=3 +pkgrel=4 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -21,18 +21,27 @@ subpackages="$pkgname-doc $pkgname-server " source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz - openssh7.4-peaktput.patch - openssh7.4-dynwindows.patch fix-utmp.patch bsd-compatible-realpath.patch - sshd.initd - sshd.confd sftp-interactive.patch openssh-7.5p1-sandbox.patch CVE-2017-15906.patch CVE-2018-15473.patch + CVE-2018-20685.patch + CVE-2019-6109.patch + CVE-2019-6111.patch + have-progressmeter-force-update-at-beginning-and-end-transfer.patch + openssh7.4-peaktput.patch + openssh7.4-dynwindows.patch + + sshd.initd + sshd.confd " # secfixes: +# 7.5_p1-r4: +# - CVE-2018-20685 +# - CVE-2019-6109 +# - CVE-2019-6111 # 7.5_p1-r3: # - CVE-2018-15473 # 7.5_p1-r2: @@ -147,13 +156,17 @@ server() { sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz -398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6 openssh7.4-peaktput.patch -b9d736eae9b43de91fa3eb277ba8abc6290a8436b0fb00ae3b0f1b2eabba9983e4d2a1e3c68f5514247d0a3f120037f0795fd88fbf302aabd2d1b54a325a04ee openssh7.4-dynwindows.patch f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch -394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd -ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch 15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch e064acdb9b9990ac3e997b0110051150a0e0e86a128228d400707815957cb6414ae167c8992da049ee81f315ef19d0ba4d6f55aef197b1fa16fc7ebb8596d320 CVE-2017-15906.patch -390b238ec6f037dcd684f3cbbfd9655aa264791a32d3cbd270773989cdda3896756ddd83e4088356a56e21c183b11052cc4cc7653506d4b46ba48f092f7c66ea CVE-2018-15473.patch" +390b238ec6f037dcd684f3cbbfd9655aa264791a32d3cbd270773989cdda3896756ddd83e4088356a56e21c183b11052cc4cc7653506d4b46ba48f092f7c66ea CVE-2018-15473.patch +aab79b8a5761d27096a40af32ea864aecdde16068b2fe9090b7a45463c30c308f5c20756baf11705249e66d52489ccf51c95bbd8ac13af915d8151184fbbe681 CVE-2018-20685.patch +1ca02180ac6514ee32e898b76e4c678acdef75099bd7d3a75c485fd69c2d123906eca4f930d29051407d52d4d259a6ba94c1147c47a1be012d041aa41a05702d CVE-2019-6109.patch +73617926e4de73108f75c525b587ab643310417dbe43eb855748601cf6e91e646f3600a43a0d8a16a9ab88da770c6595a13c7acfa911e4da23c31a29d6968c78 CVE-2019-6111.patch +da016f2e76cc663ca14a354abcbb5e8a0139735e6b3833fc7345ca6207dc02d4f093ffc64527a129f6cfdd1275cedca79fadf2d839fbd4d01517459b3f8a1d82 have-progressmeter-force-update-at-beginning-and-end-transfer.patch +a69c79ca4bc76fbc8d16d20d508f307874e518e9ba3816db689cc94ee649f266286e74c1b03c25fd529c85332b85017a10614b381e3e9270be3de84d19633cc8 openssh7.4-peaktput.patch +d98825a40bccbf6b46336fdbe7ac4a91cfd94939236f0ac03b48f09a29cf0df437e1ccf9eea7a8b3f1cd06e1e031aa023d99e68b97c0f3996b6642c94571f492 openssh7.4-dynwindows.patch +394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd +ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd" diff --git a/main/openssh/CVE-2018-20685.patch b/main/openssh/CVE-2018-20685.patch new file mode 100644 index 0000000000..c0bdd304a2 --- /dev/null +++ b/main/openssh/CVE-2018-20685.patch @@ -0,0 +1,36 @@ +From 951d1b405c221a98e30c8560e941c73ab8493f9d Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Fri, 16 Nov 2018 03:03:10 +0000 +Subject: upstream: disallow empty incoming filename or ones that refer to the + +current directory; based on report/patch from Harry Sintonen + +OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=6010c0303a422a9c5fa8860c061bf7105eb7f8b2 +Bug-Debian: https://bugs.debian.org/919101 +Last-Update: 2019-02-08 + +Patch-Name: scp-disallow-dot-or-empty-filename.patch + +Ported to stretch by Yves-Alexis Perez <corsac@debian.org> + +CVE-2018-20685 +--- + scp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/scp.c b/scp.c +index 18c27720..26099529 100644 +--- a/scp.c ++++ b/scp.c +@@ -1055,7 +1055,8 @@ sink(int argc, char **argv) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } diff --git a/main/openssh/CVE-2019-6109.patch b/main/openssh/CVE-2019-6109.patch new file mode 100644 index 0000000000..e399aefb05 --- /dev/null +++ b/main/openssh/CVE-2019-6109.patch @@ -0,0 +1,278 @@ +From 86fe04b06ec887e09b1bae345baff95ff2d05f6a Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" <dtucker@openbsd.org> +Date: Wed, 23 Jan 2019 08:01:46 +0000 +Subject: upstream: Sanitize scp filenames via snmprintf. To do this we move + +the progressmeter formatting outside of signal handler context and have the +atomicio callback called for EINTR too. bz#2434 with contributions from djm +and jjelen at redhat.com, ok djm@ + +OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=8976f1c4b2721c26e878151f52bdf346dfe2d54c +Bug-Debian: https://bugs.debian.org/793412 +Last-Update: 2019-02-08 + +Patch-Name: sanitize-scp-filenames-via-snmprintf.patch + +Ported to Stretch (OpenSSH 7.4) by Yves-Alexis Perez <corsac@debian.org> + +CVE-2019-6109 +--- + atomicio.c | 20 ++++++++++++++----- + progressmeter.c | 53 ++++++++++++++++++++++--------------------------- + progressmeter.h | 3 ++- + scp.c | 1 + + sftp-client.c | 16 ++++++++------- + 5 files changed, 51 insertions(+), 42 deletions(-) + +diff --git a/atomicio.c b/atomicio.c +index f854a06f..d91bd762 100644 +--- a/atomicio.c ++++ b/atomicio.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ ++/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2006 Damien Miller. All rights reserved. + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. +@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + res = (f) (fd, s + pos, n - pos); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READ_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + res = (f) (fd, iov, iovcnt); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READV_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +diff --git a/progressmeter.c b/progressmeter.c +index fe9bf52e..add462dd 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -31,6 +31,7 @@ + + #include <errno.h> + #include <signal.h> ++#include <stdarg.h> + #include <stdio.h> + #include <string.h> + #include <time.h> +@@ -39,6 +40,7 @@ + #include "progressmeter.h" + #include "atomicio.h" + #include "misc.h" ++#include "utf8.h" + + #define DEFAULT_WINSIZE 80 + #define MAX_WINSIZE 512 +@@ -61,7 +63,7 @@ static void setscreensize(void); + void refresh_progress_meter(void); + + /* signal handler for updating the progress meter */ +-static void update_progress_meter(int); ++static void sig_alarm(int); + + static double start; /* start progress */ + static double last_update; /* last progress update */ +@@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + static int win_size; /* terminal window size */ + static volatile sig_atomic_t win_resized; /* for window resizing */ ++static volatile sig_atomic_t alarm_fired; + + /* units for format_size */ + static const char unit[] = " KMGT"; +@@ -126,9 +129,17 @@ refresh_progress_meter(void) + off_t bytes_left; + int cur_speed; + int hours, minutes, seconds; +- int i, len; + int file_len; + ++ if ((!alarm_fired && !win_resized) || !can_output()) ++ return; ++ alarm_fired = 0; ++ ++ if (win_resized) { ++ setscreensize(); ++ win_resized = 0; ++ } ++ + transferred = *counter - (cur_pos ? cur_pos : start_pos); + cur_pos = *counter; + now = monotime_double(); +@@ -158,16 +169,11 @@ refresh_progress_meter(void) + + /* filename */ + buf[0] = '\0'; +- file_len = win_size - 35; ++ file_len = win_size - 36; + if (file_len > 0) { +- len = snprintf(buf, file_len + 1, "\r%s", file); +- if (len < 0) +- len = 0; +- if (len >= file_len + 1) +- len = file_len; +- for (i = len; i < file_len; i++) +- buf[i] = ' '; +- buf[file_len] = '\0'; ++ buf[0] = '\r'; ++ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", ++ file_len * -1, file); + } + + /* percent of transfer done */ +@@ -228,22 +234,11 @@ refresh_progress_meter(void) + + /*ARGSUSED*/ + static void +-update_progress_meter(int ignore) ++sig_alarm(int ignore) + { +- int save_errno; +- +- save_errno = errno; +- +- if (win_resized) { +- setscreensize(); +- win_resized = 0; +- } +- if (can_output()) +- refresh_progress_meter(); +- +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); ++ alarm_fired = 1; + alarm(UPDATE_INTERVAL); +- errno = save_errno; + } + + void +@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- if (can_output()) +- refresh_progress_meter(); ++ refresh_progress_meter(); + +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); + alarm(UPDATE_INTERVAL); + } +@@ -286,6 +280,7 @@ stop_progress_meter(void) + static void + sig_winch(int sig) + { ++ signal(SIGWINCH, sig_winch); + win_resized = 1; + } + +diff --git a/progressmeter.h b/progressmeter.h +index bf179dca..8f667806 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,4 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); ++void refresh_progress_meter(void); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 26099529..e2e16993 100644 +--- a/scp.c ++++ b/scp.c +@@ -567,6 +567,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; ++ refresh_progress_meter(); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index e65c15c8..3cefbe26 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -94,7 +94,9 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- bandwidth_limit(bwlimit, amount); ++ refresh_progress_meter(); ++ if (bwlimit != NULL) ++ bandwidth_limit(bwlimit, amount); + return 0; + } + +@@ -114,8 +116,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) + iov[1].iov_base = (u_char *)sshbuf_ptr(m); + iov[1].iov_len = sshbuf_len(m); + +- if (atomiciov6(writev, conn->fd_out, iov, 2, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != ++ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != + sshbuf_len(m) + sizeof(mlen)) + fatal("Couldn't send packet: %s", strerror(errno)); + +@@ -131,8 +133,8 @@ get_msg(struct sftp_conn *conn, struct sshbuf *m) + + if ((r = sshbuf_reserve(m, 4, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, 4, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { ++ if (atomicio6(read, conn->fd_in, p, 4, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { + if (errno == EPIPE) + fatal("Connection closed"); + else +@@ -146,8 +148,8 @@ get_msg(struct sftp_conn *conn, struct sshbuf *m) + + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, msg_len, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) ++ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) + != msg_len) { + if (errno == EPIPE) + fatal("Connection closed"); diff --git a/main/openssh/CVE-2019-6111.patch b/main/openssh/CVE-2019-6111.patch new file mode 100644 index 0000000000..fd4bd054f1 --- /dev/null +++ b/main/openssh/CVE-2019-6111.patch @@ -0,0 +1,197 @@ +From e83897f1bff97275e02e9e452d8d5282131128f6 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sat, 26 Jan 2019 22:41:28 +0000 +Subject: upstream: check in scp client that filenames sent during + +remote->local directory copies satisfy the wildcard specified by the user. + +This checking provides some protection against a malicious server +sending unexpected filenames, but it comes at a risk of rejecting wanted +files due to differences between client and server wildcard expansion rules. + +For this reason, this also adds a new -T flag to disable the check. + +reported by Harry Sintonen +fix approach suggested by markus@; +has been in snaps for ~1wk courtesy deraadt@ + +OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc +Last-Update: 2019-02-08 + +Patch-Name: check-filenames-in-scp-client.patch + +Ported to Stretch (OpenSSH 7.4) by Yves-Alexis Perez <corsac@debian.org> + +CVE-2019-6111 +--- + scp.1 | 17 +++++++++++++---- + scp.c | 35 +++++++++++++++++++++++++++-------- + 2 files changed, 40 insertions(+), 12 deletions(-) + +diff --git a/scp.1 b/scp.1 +index 4ae87775..695a9cb2 100644 +--- a/scp.1 ++++ b/scp.1 +@@ -8,9 +8,9 @@ + .\" + .\" Created: Sun May 7 00:14:37 1995 ylo + .\" +-.\" $OpenBSD: scp.1,v 1.71 2016/07/16 06:57:55 jmc Exp $ ++.\" $OpenBSD: scp.1,v 1.85 2019/01/26 22:41:28 djm Exp $ + .\" +-.Dd $Mdocdate: July 16 2016 $ ++.Dd $Mdocdate: January 26 2019 $ + .Dt SCP 1 + .Os + .Sh NAME +@@ -18,8 +18,7 @@ + .Nd secure copy (remote file copy program) + .Sh SYNOPSIS + .Nm scp +-.Bk -words +-.Op Fl 12346BCpqrv ++.Op Fl 12346BCpqrTv + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +@@ -215,6 +214,16 @@ to use for the encrypted connection. + The program must understand + .Xr ssh 1 + options. ++.It Fl T ++Disable strict filename checking. ++By default when copying files from a remote host to a local directory ++.Nm ++checks that the received filenames match those requested on the command-line ++to prevent the remote end from sending unexpected or unwanted files. ++Because of differences in how various operating systems and shells interpret ++filename wildcards, these checks may cause wanted files to be rejected. ++This option disables these checks at the expense of fully trusting that ++the server will not send unexpected filenames. + .It Fl v + Verbose mode. + Causes +diff --git a/scp.c b/scp.c +index 2f5a4d46..44b74fa4 100644 +--- a/scp.c ++++ b/scp.c +@@ -94,6 +94,7 @@ + #include <dirent.h> + #include <errno.h> + #include <fcntl.h> ++#include <fnmatch.h> + #include <limits.h> + #include <locale.h> + #include <pwd.h> +@@ -362,14 +363,14 @@ void verifydir(char *); + struct passwd *pwd; + uid_t userid; + int errs, remin, remout; +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; + + #define CMDNEEDS 64 + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + + int response(void); + void rsource(char *, struct stat *); +-void sink(int, char *[]); ++void sink(int, char *[], const char *); + void source(int, char *[]); + void tolocal(int, char *[]); + void toremote(char *, int, char *[]); +@@ -406,8 +407,8 @@ main(int argc, char **argv) + addargs(&args, "-oPermitLocalCommand=no"); + addargs(&args, "-oClearAllForwardings=yes"); + +- fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) ++ fflag = Tflag = tflag = 0; ++ while ((ch = getopt(argc, argv, "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -483,6 +484,9 @@ main(int argc, char **argv) + setmode(0, O_BINARY); + #endif + break; ++ case 'T': ++ Tflag = 1; ++ break; + default: + usage(); + } +@@ -516,7 +520,7 @@ main(int argc, char **argv) + } + if (tflag) { + /* Receive data. */ +- sink(argc, argv); ++ sink(argc, argv, NULL); + exit(errs != 0); + } + if (argc < 2) +@@ -757,7 +761,7 @@ tolocal(int argc, char **argv) + continue; + } + free(bp); +- sink(1, argv + argc - 1); ++ sink(1, argv + argc - 1, src); + (void) close(remin); + remin = remout = -1; + } +@@ -925,7 +929,7 @@ rsource(char *name, struct stat *statp) + } + + void +-sink(int argc, char **argv) ++sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +@@ -941,6 +945,7 @@ sink(int argc, char **argv) + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + + #define atime tv[0] +@@ -962,6 +967,17 @@ sink(int argc, char **argv) + (void) atomicio(vwrite, remout, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; ++ if (src != NULL && !iamrecursive && !Tflag) { ++ /* ++ * Prepare to try to restrict incoming filenames to match ++ * the requested destination file glob. ++ */ ++ if ((src_copy = strdup(src)) == NULL) ++ fatal("strdup failed"); ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { ++ *restrict_pattern++ = '\0'; ++ } ++ } + for (first = 1;; first = 0) { + cp = buf; + if (atomicio(read, remin, cp, 1) != 1) +@@ -1061,6 +1077,9 @@ sink(int argc, char **argv) + run_err("error: unexpected filename: %s", cp); + exit(1); + } ++ if (restrict_pattern != NULL && ++ fnmatch(restrict_pattern, cp, 0) != 0) ++ SCREWUP("filename does not match request"); + if (targisdir) { + static char *namebuf; + static size_t cursize; +@@ -1098,7 +1117,7 @@ sink(int argc, char **argv) + goto bad; + } + vect[0] = xstrdup(np); +- sink(1, vect); ++ sink(1, vect, src); + if (setimes) { + setimes = 0; + if (utimes(vect[0], tv) < 0) diff --git a/main/openssh/have-progressmeter-force-update-at-beginning-and-end-transfer.patch b/main/openssh/have-progressmeter-force-update-at-beginning-and-end-transfer.patch new file mode 100644 index 0000000000..2b5d4ee8b2 --- /dev/null +++ b/main/openssh/have-progressmeter-force-update-at-beginning-and-end-transfer.patch @@ -0,0 +1,124 @@ +From 177357c62172385f9ccee7fb37b456de22268028 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" <dtucker@openbsd.org> +Date: Thu, 24 Jan 2019 16:52:17 +0000 +Subject: upstream: Have progressmeter force an update at the beginning and + +end of each transfer. Fixes the problem recently introduces where very quick +transfers do not display the progressmeter at all. Spotted by naddy@ + +OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb +Last-Update: 2019-02-08 + +Patch-Name: have-progressmeter-force-update-at-beginning-and-end-transfer.patch + +Ported to Stretch (OpenSSH 7.5) by Yves-Alexis Perez <corsac@debian.org> + +Fix a regression introduced by the patch for CVE-2019-6109 +--- + progressmeter.c | 13 +++++-------- + progressmeter.h | 4 ++-- + scp.c | 2 +- + sftp-client.c | 2 +- + 4 files changed, 9 insertions(+), 12 deletions(-) + +diff --git a/progressmeter.c b/progressmeter.c +index add462dd..e385c125 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.47 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -59,9 +59,6 @@ static void format_rate(char *, int, off_t); + static void sig_winch(int); + static void setscreensize(void); + +-/* updates the progressmeter to reflect the current state of the transfer */ +-void refresh_progress_meter(void); +- + /* signal handler for updating the progress meter */ + static void sig_alarm(int); + +@@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t bytes) + } + + void +-refresh_progress_meter(void) ++refresh_progress_meter(int force_update) + { + char buf[MAX_WINSIZE + 1]; + off_t transferred; +@@ -131,7 +128,7 @@ refresh_progress_meter(void) + int hours, minutes, seconds; + int file_len; + +- if ((!alarm_fired && !win_resized) || !can_output()) ++ if ((!force_update && !alarm_fired && !win_resized) || !can_output()) + return; + alarm_fired = 0; + +@@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); +@@ -271,7 +268,7 @@ stop_progress_meter(void) + + /* Ensure we complete the progress */ + if (cur_pos != end_pos) +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + atomicio(vwrite, STDOUT_FILENO, "\n", 1); + } +diff --git a/progressmeter.h b/progressmeter.h +index 8f667806..1703ea75 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,5 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); +-void refresh_progress_meter(void); ++void refresh_progress_meter(int); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index e2e16993..2f5a4d46 100644 +--- a/scp.c ++++ b/scp.c +@@ -567,7 +567,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 3cefbe26..b4be8cd6 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -94,7 +94,7 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (bwlimit != NULL) + bandwidth_limit(bwlimit, amount); + return 0; diff --git a/main/openssh/openssh7.4-dynwindows.patch b/main/openssh/openssh7.4-dynwindows.patch index 45c42159ea..0b5bdb43b5 100644 --- a/main/openssh/openssh7.4-dynwindows.patch +++ b/main/openssh/openssh7.4-dynwindows.patch @@ -401,14 +401,15 @@ index 2be290a..453c85e 100644 int len; for (indx = 0; indx < argc; ++indx) { -@@ -931,7 +931,7 @@ - off_t size, statbytes; - unsigned long long ull; - int setimes, targisdir, wrerrno = 0; -- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; -+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384]; - struct timeval tv[2]; - +@ -936,7 +936,7 @@ sink(int argc, char **argv, const char *src) + off_t size, statbytes; + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; +- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384]; + char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + #define atime tv[0] --- a/servconf.c +++ b/servconf.c diff --git a/main/openssh/openssh7.4-peaktput.patch b/main/openssh/openssh7.4-peaktput.patch index 6fc6140a6e..6483e336d7 100644 --- a/main/openssh/openssh7.4-peaktput.patch +++ b/main/openssh/openssh7.4-peaktput.patch @@ -9,14 +9,15 @@ static volatile off_t *counter; /* progress counter */ static long stalled; /* how long we have been stalled */ static int bytes_per_second; /* current speed in bytes per second */ -@@ -128,12 +130,17 @@ +@@ -129,6 +129,7 @@ refresh_progress_meter(int force_update) + int cur_speed; int hours, minutes, seconds; - int i, len; int file_len; + off_t delta_pos; - transferred = *counter - (cur_pos ? cur_pos : start_pos); - cur_pos = *counter; + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) + return; +@ -144,6 +145,10 @@ refresh_progress_meter(int force_update) now = monotime_double(); bytes_left = end_pos - cur_pos; @@ -27,15 +28,15 @@ if (bytes_left > 0) elapsed = now - last_update; else { -@@ -158,7 +165,7 @@ +@@ -168,7 +173,7 @@ refresh_progress_meter(int force_update) /* filename */ buf[0] = '\0'; -- file_len = win_size - 35; -+ file_len = win_size - 45; +- file_len = win_size - 36; ++ file_len = win_size - 46; if (file_len > 0) { - len = snprintf(buf, file_len + 1, "\r%s", file); - if (len < 0) + buf[0] = '\r'; + snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", @@ -188,6 +195,15 @@ (off_t)bytes_per_second); strlcat(buf, "/s ", win_size); |