--- - branch: pkgsrc-2016Q4 date: Sun Jan 8 11:05:07 UTC 2017 files: - new: 1.249.4.1 old: '1.249' path: pkgsrc/security/openssh/Makefile pathrev: pkgsrc/security/openssh/Makefile@1.249.4.1 type: modified - new: 1.102.4.1 old: '1.102' path: pkgsrc/security/openssh/distinfo pathrev: pkgsrc/security/openssh/distinfo@1.102.4.1 type: modified - new: 1.33.4.1 old: '1.33' path: pkgsrc/security/openssh/options.mk pathrev: pkgsrc/security/openssh/options.mk@1.33.4.1 type: modified - new: '0' old: '1.4' path: pkgsrc/security/openssh/patches/patch-auth1.c pathrev: pkgsrc/security/openssh/patches/patch-auth1.c@0 type: deleted - new: 1.4.8.1 old: '1.4' path: pkgsrc/security/openssh/patches/patch-clientloop.c pathrev: pkgsrc/security/openssh/patches/patch-clientloop.c@1.4.8.1 type: modified - new: 1.3.8.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c pathrev: pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c@1.3.8.1 type: modified - new: 1.7.4.1 old: '1.7' path: pkgsrc/security/openssh/patches/patch-session.c pathrev: pkgsrc/security/openssh/patches/patch-session.c@1.7.4.1 type: modified - new: 1.7.8.1 old: '1.7' path: pkgsrc/security/openssh/patches/patch-sshd.c pathrev: pkgsrc/security/openssh/patches/patch-sshd.c@1.7.8.1 type: modified id: 20170108T110507Z.edd3938d2458f134f1efc040c5bbc5dc803a59b4 log: "Pullup ticket #5178 - requested by taca\nsecurity/openssh: security fix\n\nRevisions pulled up:\n- security/openssh/Makefile 1.250\n- security/openssh/distinfo 1.103\n- security/openssh/options.mk \ 1.34\n- security/openssh/patches/patch-auth1.c \ deleted\n- security/openssh/patches/patch-clientloop.c \ 1.5\n- security/openssh/patches/patch-openbsd-compat_bsd-openpty.c \ 1.4\n- security/openssh/patches/patch-session.c 1.8\n- security/openssh/patches/patch-sshd.c 1.8\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tFri Dec 30 04:43:16 UTC 2016\n\n \ Modified Files:\n \tpkgsrc/security/openssh: Makefile distinfo options.mk\n \ \tpkgsrc/security/openssh/patches: patch-clientloop.c\n \t patch-openbsd-compat_bsd-openpty.c patch-session.c patch-sshd.c\n Removed Files:\n \tpkgsrc/security/openssh/patches: patch-auth1.c\n\n Log Message:\n Update openssh to 7.4.1 (7.4p1), including security fixes.\n\n For full changes, please refer ChangeLog file.\n\n Future deprecation notice\n =========================\n\n We plan on retiring more legacy cryptography in future releases,\n specifically:\n\n * In approximately August 2017, removing remaining support for the\n SSH v.1 protocol (client-only and currently compile-time disabled).\n\n * In the same release, removing support for Blowfish and RC4 ciphers\n and the RIPE-MD160 HMAC. (These are currently run-time disabled).\n\n * Refusing all RSA keys smaller than 1024 bits (the current minimum\n is 768 bits)\n\n * The next release of OpenSSH will remove support for running sshd(8)\n with privilege separation disabled.\n\n \ * The next release of portable OpenSSH will remove support for\n OpenSSL version prior to 1.0.1.\n\n This list reflects our current intentions, but please check the final\n release notes for future releases.\n\n Potentially-incompatible changes\n ================================\n\n This release includes a number of changes that may affect existing\n configurations:\n\n * This release removes server support for the SSH v.1 protocol.\n\n * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit\n block ciphers are not safe in 2016 and we don't want to wait until\n attacks like SWEET32 are extended to SSH. As 3des-cbc was the\n only mandatory cipher in the SSH RFCs, this may cause problems\n connecting to older devices using the default configuration,\n \ but it's highly likely that such devices already need explicit\n configuration for key exchange and hostkey algorithms already\n anyway.\n\n * sshd(8): Remove support for pre-authentication compression.\n Doing compression early in the protocol probably seemed reasonable\n in the 1990s, but today it's clearly a bad idea in terms of both\n cryptography (cf. multiple compression oracle attacks in TLS) and\n attack surface. Pre-auth compression support has been disabled by\n default for >10 years. Support remains in the client.\n\n \ * ssh-agent will refuse to load PKCS#11 modules outside a whitelist\n of trusted paths by default. The path whitelist may be specified\n at run-time.\n\n \ * sshd(8): When a forced-command appears in both a certificate and\n an authorized keys/principals command= restriction, sshd will now\n refuse to accept the certificate unless they are identical.\n The previous (documented) behaviour of having the certificate\n forced-command override the other could be a bit confusing and\n error-prone.\n\n * sshd(8): Remove the UseLogin configuration directive and support\n for having /bin/login manage login sessions.\n\n Changes since OpenSSH 7.3\n =========================\n\n This is primarily a bugfix release.\n\n Security\n --------\n\n * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths\n outside a trusted whitelist (run-time configurable). Requests to\n load modules could be passed via agent forwarding and an attacker\n could attempt to load a hostile PKCS#11 module across the forwarded\n agent channel: PKCS#11 modules are shared libraries, so this would\n result in code execution on the system running the ssh-agent if the\n attacker has control of the forwarded agent-socket (on the host\n \ running the sshd server) and the ability to write to the filesystem\n of the host running ssh-agent (usually the host running the ssh\n client). Reported by Jann Horn of Project Zero.\n\n * sshd(8): When privilege separation is disabled, forwarded Unix-\n domain sockets would be created by sshd(8) with the privileges of\n 'root' instead of the authenticated user. This release refuses\n Unix-domain socket forwarding when privilege separation is disabled\n (Privilege separation has been enabled by default for 14 years).\n Reported by Jann Horn of Project Zero.\n\n * sshd(8): Avoid theoretical leak of host private key material to\n \ privilege-separated child processes via realloc() when reading\n keys. No such leak was observed in practice for normal-sized keys,\n nor does a leak to the child processes directly expose key material\n to unprivileged users. Reported by Jann Horn of Project Zero.\n\n * sshd(8): The shared memory manager used by pre-authentication\n compression support had a bounds checks that could be elided by\n some optimising compilers. Additionally, this memory manager was\n incorrectly accessible when pre-authentication compression was\n disabled. This could potentially allow attacks against the\n privileged monitor process from the sandboxed privilege-separation\n process (a compromise of the latter would be required first).\n This release removes support for pre-authentication compression\n from sshd(8). Reported by Guido Vranken using the Stack unstable\n optimisation identification tool (http://css.csail.mit.edu/stack/)\n\n \ * sshd(8): Fix denial-of-service condition where an attacker who\n sends multiple KEXINIT messages may consume up to 128MB per\n connection. Reported by Shi Lei of Gear Team, Qihoo 360.\n\n * sshd(8): Validate address ranges for AllowUser and DenyUsers\n directives at configuration load time and refuse to accept invalid\n ones. It was previously possible to specify invalid CIDR address\n ranges (e.g. user@127.1.2.3/55) and these would always match,\n \ possibly resulting in granting access where it was not intended.\n Reported by Laurence Parry.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2016Q4] pkgsrc/security/openssh' unixtime: '1483873507' user: bsiegert