[v7,2/2] openssh: upgrade 9.7p1 -> 9.8p1

- drop the CVE-2024-6387
- fix musl build [backported patch]
- fix ptest regression [submited patch]
- sshd now had the sshd-session

Release notes at https://www.openssh.com/txt/release-9.8

Security
========

This release contains fixes for two security problems, one critical
and one minor.

1) Race condition in sshd(8)

A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary
code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It's likely that
these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined. Systems that lack ASLR or users of downstream Linux
distributions that have modified OpenSSH to disable per-connection
ASLR re-randomisation (yes - this is a thing, no - we don't
understand why) may potentially have an easier path to exploitation.
OpenBSD is not vulnerable.

We thank the Qualys Security Advisory Team for discovering, reporting
and demonstrating exploitability of this problem, and for providing
detailed feedback on additional mitigation measures.

2) Logic error in ssh(1) ObscureKeystrokeTiming

In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an
OpenSSH server version 9.5 or later, a logic error in the ssh(1)
ObscureKeystrokeTiming feature (on by default) rendered this feature
ineffective - a passive observer could still detect which network
packets contained real keystrokes when the countermeasure was active
because both fake and real keystroke packets were being sent
unconditionally.

This bug was found by Philippos Giavridis and also independently by
Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the
University of Cambridge Computer Lab.

Worse, the unconditional sending of both fake and real keystroke
packets broke another long-standing timing attack mitigation. Since
OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for
traffic received on TTYs in echo-off mode, such as when entering a
password into su(8) or sudo(8). This bug rendered these fake
keystroke echoes ineffective and could allow a passive observer of
a SSH session to once again detect when echo was off and obtain
fairly limited timing information about keystrokes in this situation
(20ms granularity by default).

This additional implication of the bug was identified by Jacky Wei
En Kung, Daniel Hugenroth and Alastair Beresford and we thank them
for their detailed analysis.

This bug does not affect connections when ObscureKeystrokeTiming
was disabled or sessions where no TTY was requested.

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.

DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.

OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.

This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.

This release, and its deactivation of DSA by default at compile-time,
marks the second step in our timeline to finally deprecate DSA. The
final step of removing DSA support entirely is planned for the first
OpenSSH release of 2025.

DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.

Potentially-incompatible changes
--------------------------------

 * all: as mentioned above, the DSA signature algorithm is now
   disabled at compile time.

 * sshd(8): the server will now block client addresses that
   repeatedly fail authentication, repeatedly connect without ever
   completing authentication or that crash the server. See the
   discussion of PerSourcePenalties below for more information.
   Operators of servers that accept connections from many users, or
   servers that accept connections from addresses behind NAT or
   proxies may need to consider these settings.

 * sshd(8): the server has been split into a listener binary, sshd(8),
   and a per-session binary "sshd-session". This allows for a much
   smaller listener binary, as it no longer needs to support the SSH
   protocol. As part of this work, support for disabling privilege
   separation (which previously required code changes to disable) and
   disabling re-execution of sshd(8) has been removed. Further
   separation of sshd-session into additional, minimal binaries is
   planned for the future.

 * sshd(8): several log messages have changed. In particular, some
   log messages will be tagged with as originating from a process
   named "sshd-session" rather than "sshd".

 * ssh-keyscan(1): this tool previously emitted comment lines
   containing the hostname and SSH protocol banner to standard error.
   This release now emits them to standard output, but adds a new
   "-q" flag to silence them altogether.

 * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
   as the PAM service name. A new "PAMServiceName" sshd_config(5)
   directive allows selecting the service name at runtime. This
   defaults to "sshd". bz2101

 * (portable OpenSSH only) Automatically-generated files, such as
   configure, config.h.in, etc will now be checked in to the portable
   OpenSSH git release branch (e.g. V_9_8). This should ensure that
   the contents of the signed release branch exactly match the
   contents of the signed release tarball.

Changes since OpenSSH 9.7
=========================

This release contains mostly bugfixes.

New features
------------

 * sshd(8): as described above, sshd(8) will now penalise client
   addresses that, for various reasons, do not successfully complete
   authentication. This feature is controlled by a new sshd_config(5)
   PerSourcePenalties option and is on by default.

   sshd(8) will now identify situations where the session did not
   authenticate as expected. These conditions include when the client
   repeatedly attempted authentication unsucessfully (possibly
   indicating an attack against one or more accounts, e.g. password
   guessing), or when client behaviour caused sshd to crash (possibly
   indicating attempts to exploit bugs in sshd).

   When such a condition is observed, sshd will record a penalty of
   some duration (e.g. 30 seconds) against the client's address. If
   this time is above a minimum configurable threshold, then all
   connections from the client address will be refused (along with any
   others in the same PerSourceNetBlockSize CIDR range) until the
   penalty expire.

   Repeated offenses by the same client address will accrue greater
   penalties, up to a configurable maximum. Address ranges may be
   fully exempted from penalties, e.g. to guarantee access from a set
   of trusted management addresses, using the new sshd_config(5)
   PerSourcePenaltyExemptList option.

   We hope these options will make it significantly more difficult for
   attackers to find accounts with weak/guessable passwords or exploit
   bugs in sshd(8) itself. This option is enabled by default.

 * ssh(8): allow the HostkeyAlgorithms directive to disable the
   implicit fallback from certificate host key to plain host keys.

Bugfixes
--------

 * misc: fix a number of inaccuracies in the PROTOCOL.*
   documentation files. GHPR430 GHPR487

 * all: switch to strtonum(3) for more robust integer parsing in most
   places.

 * ssh(1), sshd(8): correctly restore sigprocmask around ppoll()

 * ssh-keysign(8): stricter validation of messaging socket fd GHPR492

 * sftp(1): flush stdout after writing "sftp>" prompt when not using
   editline. GHPR480

 * sftp-server(8): fix home-directory extension implementation, it
   previously always returned the current user's home directory
   contrary to the spec. GHPR477

 * ssh-keyscan(1): do not close stdin to prevent error messages when
   stdin is read multiple times. E.g.
   echo localhost | ssh-keyscan -f - -f -

 * regression tests: fix rekey test that was testing the same KEX
   algorithm repeatedly instead of testing all of them. bz3692

 * ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
   documentation, especially around what is supported vs available.
   bz3701.

Portability
-----------

 * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
   unconditionally. The previous behaviour was to expose it only when
   particular authentication methods were in use.

 * build: fix OpenSSL ED25519 support detection. An incorrect function
   signature in configure.ac previously prevented enabling the recently
   added support for ED25519 private keys in PEM PKCS8 format.

 * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
   environment variable to enable SSH_ASKPASS, similarly to the X11
   DISPLAY environment variable. GHPR479

 * build: improve detection of the -fzero-call-used-regs compiler
   flag. bz3673.

 * build: relax OpenSSL version check to accept all OpenSSL 3.x
   versions.

 * sshd(8): add support for notifying systemd on server listen and
   reload, using a standalone implementation that doesn't depend on
   libsystemd. bz2641

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---

v2:
 - fix musl build
 - fix sshd-session packing on openssh-sshd
 - rebase on top of the CVE-2024-6387 fix sent

v3:
 - fix the ptest fail
 - update upstream status of the systemd sd-notify patch

v4:
 - split update of Upstream-Status in new patches in the serie
 - submit the the ptest fix upstream

v5:
 - backport upstream fix for musl build
 - drop the backported systemd notify

v6:
v7:
 - nothing change

 ...ast-to-sockaddr-in-systemd-interface.patch |  30 +++
 ...-notify-systemd-on-listen-and-reload.patch | 225 ------------------
 ...h-log-input-and-output-files-on-erro.patch |   8 +-
 ...c-use-the-absolute-path-in-the-SSH-e.patch |  35 +++
 .../openssh/openssh/CVE-2024-6387.patch       |  27 ---
 .../openssh/openssh/run-ptest                 |   1 +
 .../{openssh_9.7p1.bb => openssh_9.8p1.bb}    |   8 +-
 7 files changed, 73 insertions(+), 261 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-Cast-to-sockaddr-in-systemd-interface.patch
 delete mode 100644 meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
 delete mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
 rename meta/recipes-connectivity/openssh/{openssh_9.7p1.bb => openssh_9.8p1.bb} (96%)

Message ID	20240718165448.1164-2-jose.quaresma@foundries.io
State	New
Headers	show Return-Path: <quaresma.jose@gmail.com> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE995C41513 for <webhook@archiver.kernel.org>; Thu, 18 Jul 2024 16:55:42 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.web10.20204.1721321740078842407 for <openembedded-core@lists.openembedded.org>; Thu, 18 Jul 2024 09:55:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ckpD2hAT; spf=pass (domain: gmail.com, ip: 209.85.221.52, mailfrom: quaresma.jose@gmail.com) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-367990aaef3so45270f8f.0 for <openembedded-core@lists.openembedded.org>; Thu, 18 Jul 2024 09:55:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721321738; x=1721926538; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ma13U2PDpaMDqiWO2SEphqejGUQVyt1/jRM6a3iUYMo=; b=ckpD2hATKse8nltxfY5FaAbOZdCfical+uIvkL2lxPFS1mPDRrWxtkzltJfXabED6z sUeVawZdQrSY6KQ+9+nty0BkPgmkCu3EGKVd+Lt3QUSJPCTvyR6/ZoDUPbMg4zr1BExg vUAtrGXG0S9C/V8y1SzHhUXOJHd1PbQeBjWLy82NYIFRbLR3Ccu4cm1/D+xPIDrZyv9G xPmtbP8eY4lXjXR2hGTbvB+QwFslbTrMY2cTVedU0UHQfox1iRv21AL++x8zDghk8cN0 UXtYinAQIyiODDOCtMhSociRuYhBAgKJA1XoFznycMU1srChciLmjz+46JCT7KmStGha xtgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721321738; x=1721926538; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ma13U2PDpaMDqiWO2SEphqejGUQVyt1/jRM6a3iUYMo=; b=kDpbSENPRU6XJL8BqJ7DQlGAzpBmvlzoRu8oCMBxijNYyI7LQZhCmRMvNGujB4nbVD pUMhOvfhp0qWMsKuyhyCwqgRAm26OTIwg5/zEnECSe9O01c1e04Rc5onpPqtjrFkGFaL 5lPdvAxfsgAFcKK3gd3h2moqHAJ6ekdUx60ohovLN6TiQnNniVcvxMhuta9O+qgwbcfI i83W+3779xmLpDGT76aY4yfFtuLesxwy09X+75pcU8LvLQ2yHBYkRZEsflOjKQAwRrMR 7bRZgN6vDnpTQCaKkUQMiHcDflRpABbZSTPrGDLayiDPBrht1XCtA5Ew1UaANjXA0pSI npww== X-Gm-Message-State: AOJu0YwOuo1LTvGCDLVyuQKN+Naw26B3cPRcjvG7bn8LaKtcyx9o53Xf KyxQj8zi50PvAjKnZpul6c8IMycoa9ZNU6Ct9yL9N4lkFcIhuTgR/kzQLA== X-Google-Smtp-Source: AGHT+IFKKCI/XeEVDFUcUGXd73e8k6jIzoH/8Opvzs8M5wr4lT3THLHkzYWvOEAgHmlpNWU1BZrPow== X-Received: by 2002:a5d:4211:0:b0:366:ed80:d045 with SMTP id ffacd0b85a97d-3683171fe8fmr3511014f8f.47.1721321737603; Thu, 18 Jul 2024 09:55:37 -0700 (PDT) Received: from toster.lan (bl15-243-112.dsl.telepac.pt. [188.80.243.112]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-427d2a6e91fsm22014035e9.23.2024.07.18.09.55.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jul 2024 09:55:37 -0700 (PDT) From: Jose Quaresma <quaresma.jose@gmail.com> X-Google-Original-From: Jose Quaresma <jose.quaresma@foundries.io> To: openembedded-core@lists.openembedded.org Cc: Jose Quaresma <jose.quaresma@foundries.io> Subject: [OE-core][PATCH v7 2/2] openssh: upgrade 9.7p1 -> 9.8p1 Date: Thu, 18 Jul 2024 17:54:48 +0100 Message-ID: <20240718165448.1164-2-jose.quaresma@foundries.io> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240718165448.1164-1-jose.quaresma@foundries.io> References: <20240718165448.1164-1-jose.quaresma@foundries.io> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: <openembedded-core.lists.openembedded.org> X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for <openembedded-core@lists.openembedded.org>; Thu, 18 Jul 2024 16:55:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/202231
Series	[v7,1/2] openssh: systemd notification was implemented upstream \| expand [v7,1/2] openssh: systemd notification was implemented upstream [v7,2/2] openssh: upgrade 9.7p1 -> 9.8p1

[v7,2/2] openssh: upgrade 9.7p1 -> 9.8p1

Commit Message

Comments

Patch