diff -Nru openssh-7.2p2/debian/changelog openssh-7.2p2/debian/changelog
--- openssh-7.2p2/debian/changelog 2017-04-22 15:26:51.000000000 +0000
+++ openssh-7.2p2/debian/changelog 2018-01-27 13:50:23.000000000 +0000
@@ -1,8 +1,54 @@ -openssh (1:7.2p2-4ubuntu2.2a) xenial; urgency=low +openssh (1:7.2p2-4ubuntu2.4a) xenial; urgency=high * Apply HPN patchsets 14v9 - -- Patrick Domack Sat, 22 Apr 2017 11:26:46 -0400 + -- Patrick Domack Sat, 27 Jan 2018 08:50:46 -0500 + +openssh (1:7.2p2-4ubuntu2.4) xenial-security; urgency=medium + + * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules + - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from + which ssh-agent will load a PKCS#11 module in ssh-agent.1, + ssh-agent.c. + - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys + in ssh-agent.c. + - debian/patches/CVE-2016-10009-3.patch: relax whitelist in + ssh-agent.c. + - debian/patches/CVE-2016-10009-4.patch: add missing label in + ssh-agent.c. + - CVE-2016-10009 + * SECURITY UPDATE: local privilege escalation via socket permissions when + privilege separation is disabled + - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket + forwarding when privsep is disabled in serverloop.c. + - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket + forwarding for root in serverloop.c. + - CVE-2016-10010 + * SECURITY UPDATE: local information disclosure via effects of realloc on + buffer contents + - debian/patches/CVE-2016-10011-pre.patch: split allocation out of + sshbuf_reserve() in sshbuf.c, sshbuf.h. + - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for + loading keys in authfile.c. + - CVE-2016-10011 + * SECURITY UPDATE: local privilege escalation via incorrect bounds check + in shared memory manager + - debian/patches/CVE-2016-10012-1.patch: remove support for + pre-authentication compression in Makefile.in, monitor.c, monitor.h, + monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h, + packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c. 
+ - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression + support in the client in kex.c, kex.h, packet.c, servconf.c, + sshconnect2.c, sshd_config.5. + - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib + bits in kex.c, kex.h, packet.c. + - CVE-2016-10012 + * SECURITY UPDATE: DoS via zero-length file creation in readonly mode + - debian/patches/CVE-2017-15906.patch: disallow creation of empty files + in sftp-server.c. + - CVE-2017-15906 + + -- Marc Deslauriers Mon, 15 Jan 2018 09:50:38 -0500 openssh (1:7.2p2-4ubuntu2.2) xenial; urgency=medium diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10009-2.patch openssh-7.2p2/debian/patches/CVE-2016-10009-2.patch --- openssh-7.2p2/debian/patches/CVE-2016-10009-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-7.2p2/debian/patches/CVE-2016-10009-2.patch 2018-01-18 13:31:56.000000000 +0000 
@@ -0,0 +1,58 @@ +From 25f837646be8c2017c914d34be71ca435dfc0e07 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 15 Mar 2017 02:25:09 +0000 +Subject: [PATCH] upstream commit + +fix regression in 7.4: deletion of PKCS#11-hosted keys +would fail unless they were specified by full physical pathname. Report and +fix from Jakub Jelen via bz#2682; ok dtucker@ + +Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 +--- + ssh-agent.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +Index: openssh-7.2p2/ssh-agent.c +=================================================================== +--- openssh-7.2p2.orig/ssh-agent.c 2018-01-18 08:31:54.699507617 -0500 ++++ openssh-7.2p2/ssh-agent.c 2018-01-18 08:31:54.699507617 -0500 +@@ -825,7 +825,7 @@ send: + static void + process_remove_smartcard_key(SocketEntry *e) + { +- char *provider = NULL, *pin = NULL; ++ char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; + int r, version, success = 0; + Identity *id, *nxt; + Idtab *tab; +@@ -835,6 +835,13 @@ process_remove_smartcard_key(SocketEntry + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + free(pin); + ++ if (realpath(provider, canonical_provider) == NULL) { ++ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", ++ provider, strerror(errno)); ++ goto send; ++ } ++ ++ debug("%s: remove %.100s", __func__, canonical_provider); + for (version = 1; version < 3; version++) { + tab = idtab_lookup(version); + for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { +@@ -842,14 +849,14 @@ process_remove_smartcard_key(SocketEntry + /* Skip file--based keys */ + if (id->provider == NULL) + continue; +- if (!strcmp(provider, id->provider)) { ++ if (!strcmp(canonical_provider, id->provider)) { + TAILQ_REMOVE(&tab->idlist, id, next); + free_identity(id); + tab->nentries--; + } + } + } +- if (pkcs11_del_provider(provider) == 0) ++ if (pkcs11_del_provider(canonical_provider) == 0) + success = 1; + else + 
error("process_remove_smartcard_key:"
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10009-3.patch openssh-7.2p2/debian/patches/CVE-2016-10009-3.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10009-3.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10009-3.patch 2018-01-18 13:32:04.000000000 +0000
@@ -0,0 +1,26 @@
+From b108ce92aae0ca0376dce9513d953be60e449ae1 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 4 Jan 2017 02:21:43 +0000
+Subject: [PATCH] upstream commit
+
+relax PKCS#11 whitelist a bit to allow libexec as well as
+lib directories.
+
+Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
+---
+ ssh-agent.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: openssh-7.2p2/ssh-agent.c
+===================================================================
+--- openssh-7.2p2.orig/ssh-agent.c 2018-01-18 08:32:02.099547711 -0500
++++ openssh-7.2p2/ssh-agent.c 2018-01-18 08:32:02.095547688 -0500
+@@ -94,7 +94,7 @@
+ #endif
+ 
+ #ifndef DEFAULT_PKCS11_WHITELIST
+-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
++# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
+ #endif
+ 
+ typedef enum {
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10009-4.patch openssh-7.2p2/debian/patches/CVE-2016-10009-4.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10009-4.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10009-4.patch 2018-01-18 13:32:45.000000000 +0000
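Review bot: The realpath() failure branch added to process_remove_smartcard_key logs `failed PKCS#11 add of ...`, a message copied from the add path, so an operator reading the agent log sees a failed add when a removal was requested; `verbose("failed PKCS#11 remove of \"%.100s\": realpath: %s", provider, strerror(errno));` says what actually happened. The same branch does `goto send`, and no `send:` label exists in this function until CVE-2016-10009-4.patch adds it, so the series must keep -4 applied whenever -2 is, which is worth a line in this patch's header. The tail of process_remove_smartcard_key lies outside this hunk.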
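Review bot: Relaxing DEFAULT_PKCS11_WHITELIST to `/usr/lib*/*,/usr/local/lib*/*` leaves the ssh-agent.1 text added by CVE-2016-10009.patch stale, since that page still states the default as `/usr/lib/*,/usr/local/lib/*`. An administrator auditing which modules the agent will load reads the man page, not the `#define`, so the `.Dq` line in the `-P` description should be updated in the same series. The `#ifndef` guard also means a build-time override silently diverges from the documented value, which is one more reason to keep the page in sync.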
@@ -0,0 +1,27 @@
+Backport of:
+
+From 1a321bfdb91defe3c4d9cca5651724ae167e5436 Mon Sep 17 00:00:00 2001
+From: "deraadt@openbsd.org"
+Date: Wed, 15 Mar 2017 03:52:30 +0000
+Subject: [PATCH] upstream commit
+
+accidents happen to the best of us; ok djm
+
+Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
+---
+ ssh-agent.c | 3 ++-
+ sshd.c | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+Index: openssh-7.2p2/ssh-agent.c
+===================================================================
+--- openssh-7.2p2.orig/ssh-agent.c 2018-01-18 08:32:11.627598527 -0500
++++ openssh-7.2p2/ssh-agent.c 2018-01-18 08:32:11.623598506 -0500
+@@ -861,6 +861,7 @@ process_remove_smartcard_key(SocketEntry
+ else
+ error("process_remove_smartcard_key:"
+ " pkcs11_del_provider failed");
++send:
+ free(provider);
+ send_status(e, success);
+ }
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10009.patch openssh-7.2p2/debian/patches/CVE-2016-10009.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10009.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10009.patch 2018-01-15 14:17:25.000000000 +0000
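Review bot: The embedded header lists `sshd.c | 4 ++--` and `2 files changed` while the backport carries only the ssh-agent.c hunk, so the diffstat no longer describes the patch that is applied; either trim those two lines or add a sentence under `Backport of:` saying the sshd.c part was intentionally dropped. With the label placed after the error() call, the realpath-failure path introduced by CVE-2016-10009-2.patch still frees provider and reports success = 0, which is the outcome a client should see for a rejected removal.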
@@ -0,0 +1,187 @@ +Backport of: + +From 786d5994da79151180cb14a6cf157ebbba61c0cc Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 30 Nov 2016 03:07:37 +0000 +Subject: [PATCH] upstream commit + +add a whitelist of paths from which ssh-agent will load +(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + +Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f +--- + ssh-agent.1 | 17 +++++++++++++++-- + ssh-agent.c | 43 +++++++++++++++++++++++++++++++++++-------- + 2 files changed, 50 insertions(+), 10 deletions(-) + +Index: openssh-7.2p2/ssh-agent.1 +=================================================================== +--- openssh-7.2p2.orig/ssh-agent.1 2018-01-15 09:16:38.172849898 -0500 ++++ openssh-7.2p2/ssh-agent.1 2018-01-15 09:16:38.164849880 -0500 +@@ -1,4 +1,4 @@ +-.\" $OpenBSD: ssh-agent.1,v 1.62 2015/11/15 23:54:15 jmc Exp $ ++.\" $OpenBSD: ssh-agent.1,v 1.63 2016/11/30 03:07:37 djm Exp $ + .\" + .\" Author: Tatu Ylonen + .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -34,7 +34,7 @@ + .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + .\" +-.Dd $Mdocdate: November 15 2015 $ ++.Dd $Mdocdate: November 30 2016 $ + .Dt SSH-AGENT 1 + .Os + .Sh NAME +@@ -47,6 +47,7 @@ + .Op Fl a Ar bind_address + .Op Fl E Ar fingerprint_hash + .Op Fl t Ar life ++.Op Fl P Ar pkcs11_whitelist + .Op Ar command Op Ar arg ... + .Nm ssh-agent + .Op Fl c | s +@@ -121,6 +122,18 @@ The default is + Kill the current agent (given by the + .Ev SSH_AGENT_PID + environment variable). ++.It Fl P ++Specify a pattern-list of acceptable paths for PKCS#11 shared libraries ++that may be added using the ++.Fl s ++option to ++.Xr ssh-add 1 . ++The default is to allow loading PKCS#11 libraries from ++.Dq /usr/lib/*,/usr/local/lib/* . ++PKCS#11 libraries that do not match the whitelist will be refused. ++See PATTERNS in ++.Xr ssh_config 5 ++for a description of pattern-list syntax. 
+ .It Fl s + Generate Bourne shell commands on + .Dv stdout . +Index: openssh-7.2p2/ssh-agent.c +=================================================================== +--- openssh-7.2p2.orig/ssh-agent.c 2018-01-15 09:16:38.172849898 -0500 ++++ openssh-7.2p2/ssh-agent.c 2018-01-15 09:17:09.144919430 -0500 +@@ -83,6 +83,7 @@ + #include "misc.h" + #include "digest.h" + #include "ssherr.h" ++#include "match.h" + + #ifdef ENABLE_PKCS11 + #include "ssh-pkcs11.h" +@@ -92,6 +93,10 @@ + #include /* For prctl() and PR_SET_DUMPABLE */ + #endif + ++#ifndef DEFAULT_PKCS11_WHITELIST ++# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" ++#endif ++ + typedef enum { + AUTH_UNUSED, + AUTH_SOCKET, +@@ -139,6 +144,9 @@ pid_t cleanup_pid = 0; + char socket_name[PATH_MAX]; + char socket_dir[PATH_MAX]; + ++/* PKCS#11 path whitelist */ ++static char *pkcs11_whitelist; ++ + /* locking */ + #define LOCK_SIZE 32 + #define LOCK_SALT_SIZE 16 +@@ -741,7 +749,7 @@ no_identities(SocketEntry *e, u_int type + static void + process_add_smartcard_key(SocketEntry *e) + { +- char *provider = NULL, *pin; ++ char *provider = NULL, *pin, canonical_provider[PATH_MAX]; + int r, i, version, count = 0, success = 0, confirm = 0; + u_int seconds; + time_t death = 0; +@@ -773,10 +781,21 @@ process_add_smartcard_key(SocketEntry *e + goto send; + } + } ++ if (realpath(provider, canonical_provider) == NULL) { ++ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", ++ provider, strerror(errno)); ++ goto send; ++ } ++ if (match_pattern_list(canonical_provider, pkcs11_whitelist, 0) != 1) { ++ verbose("refusing PKCS#11 add of \"%.100s\": " ++ "provider not whitelisted", canonical_provider); ++ goto send; ++ } ++ debug("%s: add %.100s", __func__, canonical_provider); + if (lifetime && !death) + death = monotime() + lifetime; + +- count = pkcs11_add_provider(provider, pin, &keys); ++ count = pkcs11_add_provider(canonical_provider, pin, &keys); + for (i = 0; i < count; i++) { + k = keys[i]; + version = 
k->type == KEY_RSA1 ? 1 : 2; +@@ -784,8 +803,8 @@ process_add_smartcard_key(SocketEntry *e + if (lookup_identity(k, version) == NULL) { + id = xcalloc(1, sizeof(Identity)); + id->key = k; +- id->provider = xstrdup(provider); +- id->comment = xstrdup(provider); /* XXX */ ++ id->provider = xstrdup(canonical_provider); ++ id->comment = xstrdup(canonical_provider); /* XXX */ + id->death = death; + id->confirm = confirm; + TAILQ_INSERT_TAIL(&tab->idlist, id, next); +@@ -1176,7 +1195,7 @@ usage(void) + { + fprintf(stderr, + "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" +- " [-t life] [command [arg ...]]\n" ++ " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n" + " ssh-agent [-c | -s] -k\n"); + exit(1); + } +@@ -1220,7 +1239,7 @@ main(int ac, char **av) + __progname = ssh_get_progname(av[0]); + seed_rng(); + +- while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) { ++ while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) { + switch (ch) { + case 'E': + fingerprint_hash = ssh_digest_alg_by_name(optarg); +@@ -1235,6 +1254,11 @@ main(int ac, char **av) + case 'k': + k_flag++; + break; ++ case 'P': ++ if (pkcs11_whitelist != NULL) ++ fatal("-P option already specified"); ++ pkcs11_whitelist = xstrdup(optarg); ++ break; + case 's': + if (c_flag) + usage(); +@@ -1269,6 +1293,9 @@ main(int ac, char **av) + if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) + usage(); + ++ if (pkcs11_whitelist == NULL) ++ pkcs11_whitelist = xstrdup(DEFAULT_PKCS11_WHITELIST); ++ + if (ac == 0 && !c_flag && !s_flag) { + shell = getenv("SHELL"); + if (shell != NULL && (len = strlen(shell)) > 2 && +@@ -1416,7 +1443,7 @@ skip: + signal(SIGTERM, cleanup_handler); + nalloc = 0; + +- if (pledge("stdio cpath unix id proc exec", NULL) == -1) ++ if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) + fatal("%s: pledge: %s", __progname, strerror(errno)); + platform_pledge_agent(); + diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10010-2.patch 
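Review bot: The new realpath()/match_pattern_list() block in process_add_smartcard_key has no comment saying why the whitelist is matched against the resolved path rather than the name the client sent, which is the whole point of the check; a line such as `/* match the canonical path so a symlink outside the whitelist cannot be loaded via a whitelisted name */` before the realpath() call would keep a later editor from simplifying it away. In the ssh-agent.1 hunk the option entry reads `.It Fl P` while the synopsis has `.Op Fl P Ar pkcs11_whitelist`; if that is not an artefact of how this page was captured, `.It Fl P Ar pkcs11_whitelist` would match the other argument-taking entries. The `!= 1` test is fail-closed — anything other than a positive match refuses the load — and that, too, deserves a word in the same comment so nobody relaxes it to `== 0`.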
openssh-7.2p2/debian/patches/CVE-2016-10010-2.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10010-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10010-2.patch 2018-01-18 13:35:48.000000000 +0000
@@ -0,0 +1,76 @@
+Backport of:
+
+From 51045869fa084cdd016fdd721ea760417c0a3bf3 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 4 Jan 2017 05:37:40 +0000
+Subject: [PATCH] upstream commit
+
+unbreak Unix domain socket forwarding for root; ok
+markus@
+
+Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
+---
+ serverloop.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+Index: openssh-7.2p2/serverloop.c
+===================================================================
+--- openssh-7.2p2.orig/serverloop.c 2018-01-18 08:33:28.551977610 -0500
++++ openssh-7.2p2/serverloop.c 2018-01-18 08:35:23.772454155 -0500
+@@ -984,6 +984,10 @@ server_request_direct_streamlocal(void)
+ Channel *c = NULL;
+ char *target, *originator;
+ u_short originator_port;
++ struct passwd *pw = the_authctxt->pw;
++
++ if (pw == NULL || !the_authctxt->valid)
++ fatal("server_input_global_request: no/invalid user");
+ 
+ target = packet_get_string(NULL);
+ originator = packet_get_string(NULL);
+@@ -995,7 +999,7 @@ server_request_direct_streamlocal(void)
+ 
+ /* XXX fine grained permissions */
+ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
+- !no_port_forwarding_flag && use_privsep) {
++ !no_port_forwarding_flag && (pw->pw_uid == 0 || use_privsep)) {
+ c = channel_connect_to_path(target,
+ "direct-streamlocal@openssh.com", "direct-streamlocal");
+ } else {
+@@ -1217,6 +1221,10 @@ server_input_global_request(int type, u_
+ int want_reply;
+ int r, success = 0, allocated_listen_port = 0;
+ struct sshbuf *resp = NULL;
++ struct passwd *pw = the_authctxt->pw;
++
++ if (pw == NULL || !the_authctxt->valid)
++ fatal("server_input_global_request: no/invalid user");
+ 
+ rtype = packet_get_string(NULL);
+ want_reply = packet_get_char();
+@@ -1224,12 +1232,8 @@ server_input_global_request(int type, u_
+ 
+ /* -R style forwarding */
+ if (strcmp(rtype, "tcpip-forward") == 0) {
+- struct passwd *pw;
+ struct Forward fwd;
+ 
+- pw =
the_authctxt->pw;
+- if (pw == NULL || !the_authctxt->valid)
+- fatal("server_input_global_request: no/invalid user");
+ memset(&fwd, 0, sizeof(fwd));
+ fwd.listen_host = packet_get_string(NULL);
+ fwd.listen_port = (u_short)packet_get_int();
+@@ -1279,9 +1283,10 @@ server_input_global_request(int type, u_
+ 
+ /* check permissions */
+ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
+- || no_port_forwarding_flag || !use_privsep) {
++ || no_port_forwarding_flag || (pw->pw_uid != 0 && !use_privsep)) {
+ success = 0;
+- packet_send_debug("Server has disabled port forwarding.");
++ packet_send_debug("Server has disabled "
++ "streamlocal forwarding.");
+ } else {
+ /* Start listening on the socket */
+ success = channel_setup_remote_fwd_listener(
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10010.patch openssh-7.2p2/debian/patches/CVE-2016-10010.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10010.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10010.patch 2018-01-15 14:22:01.000000000 +0000
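Review bot: The fatal() added at the top of server_request_direct_streamlocal names a different function, `server_input_global_request: no/invalid user`, so the log line written when it fires points an investigator at the wrong code; `fatal("%s: no/invalid user", __func__);` in both new copies removes the copy-paste and keeps them identical. Hoisting the pw/valid check in server_input_global_request above the rtype read also makes it apply to every global request type rather than only `tcpip-forward`; that is reasonable post-authentication but deserves a one-line comment, since the old placement looked deliberate. Both functions continue outside this hunk.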
@@ -0,0 +1,37 @@
+Backport of:
+
+From b737e4d7433577403a31cff6614f6a1b0b5e22f4 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 14 Dec 2016 00:36:34 +0000
+Subject: [PATCH] upstream commit
+
+disable Unix-domain socket forwarding when privsep is
+disabled
+
+Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
+---
+ serverloop.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+Index: openssh-7.2p2/serverloop.c
+===================================================================
+--- openssh-7.2p2.orig/serverloop.c 2018-01-15 09:17:49.029005481 -0500
++++ openssh-7.2p2/serverloop.c 2018-01-15 09:21:27.381418541 -0500
+@@ -995,7 +995,7 @@ server_request_direct_streamlocal(void)
+ 
+ /* XXX fine grained permissions */
+ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
+- !no_port_forwarding_flag) {
++ !no_port_forwarding_flag && use_privsep) {
+ c = channel_connect_to_path(target,
+ "direct-streamlocal@openssh.com", "direct-streamlocal");
+ } else {
+@@ -1279,7 +1279,7 @@ server_input_global_request(int type, u_
+ 
+ /* check permissions */
+ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
+- || no_port_forwarding_flag) {
++ || no_port_forwarding_flag || !use_privsep) {
+ success = 0;
+ packet_send_debug("Server has disabled port forwarding.");
+ } else {
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10011.patch openssh-7.2p2/debian/patches/CVE-2016-10011.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10011.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10011.patch 2018-01-15 14:38:40.000000000 +0000
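Review bot: Both new `use_privsep` conditions are bare, with nothing at the site explaining why privilege separation is a precondition for Unix-domain socket forwarding; the changelog entry is the only place the reason is recorded. A comment such as `/* without privilege separation, streamlocal forwarding allows local privilege escalation via socket permissions (CVE-2016-10010) */` on the FORWARD_LOCAL and FORWARD_REMOTE checks keeps the rationale next to the code that enforces it. The debug text `Server has disabled port forwarding.` left on the -R path is corrected by CVE-2016-10010-2.patch, so nothing further is needed there.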
@@ -0,0 +1,51 @@ +Backport of: + +From 54d022026aae4f53fa74cc636e4a032d9689b64d Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 25 Nov 2016 23:24:45 +0000 +Subject: [PATCH] upstream commit + +use sshbuf_allocate() to pre-allocate the buffer used for +loading keys. This avoids implicit realloc inside the buffer code, which +might theoretically leave fragments of the key on the heap. This doesn't +appear to happen in practice for normal sized keys, but was observed for +novelty oversize ones. + +Pointed out by Jann Horn of Project Zero; ok markus@ + +Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 +--- + authfile.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +Index: openssh-7.2p2/authfile.c +=================================================================== +--- openssh-7.2p2.orig/authfile.c 2018-01-15 09:38:17.266700529 -0500 ++++ openssh-7.2p2/authfile.c 2018-01-15 09:38:17.262700525 -0500 +@@ -100,13 +100,25 @@ sshkey_load_file(int fd, struct sshbuf * + u_char buf[1024]; + size_t len; + struct stat st; +- int r; ++ int r, dontmax = 0; + + if (fstat(fd, &st) < 0) + return SSH_ERR_SYSTEM_ERROR; + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size > MAX_KEY_FILE_SIZE) + return SSH_ERR_INVALID_FORMAT; ++ /* ++ * Pre-allocate the buffer used for the key contents and clamp its ++ * maximum size. This ensures that key contents are never leaked via ++ * implicit realloc() in the sshbuf code. 
++ */
++ if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) {
++ st.st_size = 64*1024; /* 64k should be enough for anyone :) */
++ dontmax = 1;
++ }
++ if ((r = sshbuf_allocate(blob, st.st_size)) != 0 ||
++ (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0))
++ return r;
+ for (;;) {
+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
+ if (errno == EPIPE)
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10011-pre.patch openssh-7.2p2/debian/patches/CVE-2016-10011-pre.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10011-pre.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10011-pre.patch 2018-01-15 14:38:02.000000000 +0000
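Review bot: The new comment in sshkey_load_file says pre-allocation "ensures that key contents are never leaked via implicit realloc()", but for a regular file the maximum is left unclamped (dontmax stays 0), so a file that grows between fstat() and the read loop still grows the buffer through realloc() exactly as before; wording it as "avoids realloc() in the normal case where the size is known up front" would not overstate the guarantee. `st.st_size` (an off_t) is passed to sshbuf_allocate()'s size_t parameter; on that path it is positive and bounded by MAX_KEY_FILE_SIZE, so the narrowing is safe, but an explicit `(size_t)st.st_size` would record that the conversion was considered. The `64*1024` fallback would read better as a named constant beside MAX_KEY_FILE_SIZE. The rest of sshkey_load_file is outside this hunk.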
@@ -0,0 +1,135 @@ +Backport of: + +From a9c746088787549bb5b1ae3add7d06a1b6d93d5e Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 25 Nov 2016 23:22:04 +0000 +Subject: [PATCH] upstream commit + +split allocation out of sshbuf_reserve() into a separate +sshbuf_allocate() function; ok markus@ + +Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 +--- + sshbuf.c | 76 ++++++++++++++++++++++++++++++++++++---------------------------- + sshbuf.h | 10 ++++++++- + 2 files changed, 52 insertions(+), 34 deletions(-) + +Index: openssh-7.2p2/sshbuf.c +=================================================================== +--- openssh-7.2p2.orig/sshbuf.c 2018-01-15 09:22:23.005510972 -0500 ++++ openssh-7.2p2/sshbuf.c 2018-01-15 09:36:47.746606421 -0500 +@@ -316,16 +316,13 @@ sshbuf_check_reserve(const struct sshbuf + } + + int +-sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) ++sshbuf_allocate(struct sshbuf *buf, size_t len) + { + size_t rlen, need; + u_char *dp; + int r; + +- if (dpp != NULL) +- *dpp = NULL; +- +- SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); ++ SSHBUF_DBG(("allocate buf = %p len = %zu", buf, len)); + if ((r = sshbuf_check_reserve(buf, len)) != 0) + return r; + /* +@@ -333,36 +330,49 @@ sshbuf_reserve(struct sshbuf *buf, size_ + * then pack the buffer, zeroing buf->off. + */ + sshbuf_maybe_pack(buf, buf->size + len > buf->max_size); +- SSHBUF_TELL("reserve"); +- if (len + buf->size > buf->alloc) { +- /* +- * Prefer to alloc in SSHBUF_SIZE_INC units, but +- * allocate less if doing so would overflow max_size. 
+- */ +- need = len + buf->size - buf->alloc; +- rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); +- SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); +- if (rlen > buf->max_size) +- rlen = buf->alloc + need; +- SSHBUF_DBG(("adjusted rlen %zu", rlen)); +- if ((dp = realloc(buf->d, rlen)) == NULL) { +- SSHBUF_DBG(("realloc fail")); +- if (dpp != NULL) +- *dpp = NULL; +- return SSH_ERR_ALLOC_FAIL; +- } +- buf->alloc = rlen; +- buf->cd = buf->d = dp; +- if ((r = sshbuf_check_reserve(buf, len)) < 0) { +- /* shouldn't fail */ +- if (dpp != NULL) +- *dpp = NULL; +- return r; +- } ++ SSHBUF_TELL("allocate"); ++ if (len + buf->size <= buf->alloc) ++ return 0; /* already have it. */ ++ ++ /* ++ * Prefer to alloc in SSHBUF_SIZE_INC units, but ++ * allocate less if doing so would overflow max_size. ++ */ ++ need = len + buf->size - buf->alloc; ++ rlen = roundup(buf->alloc + need, SSHBUF_SIZE_INC); ++ SSHBUF_DBG(("need %zu initial rlen %zu", need, rlen)); ++ if (rlen > buf->max_size) ++ rlen = buf->alloc + need; ++ SSHBUF_DBG(("adjusted rlen %zu", rlen)); ++ if ((dp = realloc(buf->d, rlen)) == NULL) { ++ SSHBUF_DBG(("realloc fail")); ++ return SSH_ERR_ALLOC_FAIL; ++ } ++ buf->alloc = rlen; ++ buf->cd = buf->d = dp; ++ if ((r = sshbuf_check_reserve(buf, len)) < 0) { ++ /* shouldn't fail */ ++ return r; + } ++ SSHBUF_TELL("done"); ++ return 0; ++} ++ ++int ++sshbuf_reserve(struct sshbuf *buf, size_t len, u_char **dpp) ++{ ++ u_char *dp; ++ int r; ++ ++ if (dpp != NULL) ++ *dpp = NULL; ++ ++ SSHBUF_DBG(("reserve buf = %p len = %zu", buf, len)); ++ if ((r = sshbuf_allocate(buf, len)) != 0) ++ return r; ++ + dp = buf->d + buf->size; + buf->size += len; +- SSHBUF_TELL("done"); + if (dpp != NULL) + *dpp = dp; + return 0; +Index: openssh-7.2p2/sshbuf.h +=================================================================== +--- openssh-7.2p2.orig/sshbuf.h 2018-01-15 09:22:23.005510972 -0500 ++++ openssh-7.2p2/sshbuf.h 2018-01-15 09:22:23.005510972 -0500 +@@ -139,6 +139,14 @@ 
u_char *sshbuf_mutable_ptr(const struct
+ int sshbuf_check_reserve(const struct sshbuf *buf, size_t len);
+ 
+ /*
++ * Preallocates len additional bytes in buf.
++ * Useful for cases where the caller knows how many bytes will ultimately be
++ * required to avoid realloc in the buffer code.
++ * Returns 0 on success, or a negative SSH_ERR_* error code on failure.
++ */
++int sshbuf_allocate(struct sshbuf *buf, size_t len);
++
++/*
+ * Reserve len bytes in buf.
+ * Returns 0 on success and a pointer to the first reserved byte via the
+ * optional dpp parameter or a negative * SSH_ERR_* error code on failure.
diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10012-1.patch openssh-7.2p2/debian/patches/CVE-2016-10012-1.patch
--- openssh-7.2p2/debian/patches/CVE-2016-10012-1.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.2p2/debian/patches/CVE-2016-10012-1.patch 2018-01-15 14:43:35.000000000 +0000
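Review bot: The sshbuf.h comment on sshbuf_allocate does not say that growth still goes through realloc() (visible in the sshbuf.c hunk at `realloc(buf->d, rlen)`), which is exactly the property the follow-up CVE-2016-10011.patch relies on callers knowing about; adding "Growth is performed with realloc(), which may leave a copy of the previous contents in freed memory, so callers holding sensitive data should allocate the final size before filling the buffer." to that block states the contract the split was made for. Inside sshbuf_allocate the second sshbuf_check_reserve() result is tested with `< 0` while the first uses `!= 0`; both lines are inherited from the old sshbuf_reserve, but now that this is a standalone function `!= 0` in both places would read consistently. sshbuf_reserve still clears *dpp before delegating, so the failure behaviour callers previously saw is preserved.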
@@ -0,0 +1,863 @@ +Backport of: + +From 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 28 Sep 2016 16:33:06 +0000 +Subject: [PATCH] upstream commit + +Remove support for pre-authentication compression. Doing +compression early in the protocol probably seemed reasonable in the 1990s, +but today it's clearly a bad idea in terms of both cryptography (cf. multiple +compression oracle attacks in TLS) and attack surface. + +Moreover, to support it across privilege-separation zlib needed +the assistance of a complex shared-memory manager that made the +required attack surface considerably larger. + +Prompted by Guido Vranken pointing out a compiler-elided security +check in the shared memory manager found by Stack +(http://css.csail.mit.edu/stack/); ok deraadt@ markus@ + +NB. pre-auth authentication has been disabled by default in sshd +for >10 years. + +Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf +--- + Makefile.in | 2 +- + monitor.c | 48 +------- + monitor.h | 6 +- + monitor_mm.c | 357 --------------------------------------------------------- + monitor_mm.h | 62 ---------- + monitor_wrap.h | 5 +- + myproposal.h | 4 +- + opacket.h | 3 - + packet.c | 104 +---------------- + packet.h | 7 +- + servconf.c | 4 +- + sshconnect2.c | 4 +- + sshd.c | 10 +- + 13 files changed, 18 insertions(+), 598 deletions(-) + delete mode 100644 monitor_mm.c + delete mode 100644 monitor_mm.h + +Index: openssh-7.2p2/Makefile.in +=================================================================== +--- openssh-7.2p2.orig/Makefile.in 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/Makefile.in 2018-01-15 09:40:23.414830366 -0500 +@@ -105,7 +105,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + auth-chall.o auth2-chall.o groupaccess.o \ + auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ + auth2-none.o auth2-passwd.o auth2-pubkey.o \ +- monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ ++ monitor.o monitor_wrap.o 
auth-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + sftp-server.o sftp-common.o \ +Index: openssh-7.2p2/monitor.c +=================================================================== +--- openssh-7.2p2.orig/monitor.c 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/monitor.c 2018-01-15 09:39:15.802761143 -0500 +@@ -92,7 +92,6 @@ + #include "misc.h" + #include "servconf.h" + #include "monitor.h" +-#include "monitor_mm.h" + #ifdef GSSAPI + #include "ssh-gss.h" + #endif +@@ -492,31 +491,6 @@ monitor_child_postauth(struct monitor *p + monitor_read(pmonitor, mon_dispatch, NULL); + } + +-void +-monitor_sync(struct monitor *pmonitor) +-{ +- if (options.compression) { +- /* The member allocation is not visible, so sync it */ +- mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); +- } +-} +- +-/* Allocation functions for zlib */ +-static void * +-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) +-{ +- if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) +- fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); +- +- return mm_malloc(mm, size * ncount); +-} +- +-static void +-mm_zfree(struct mm_master *mm, void *address) +-{ +- mm_free(mm, address); +-} +- + static int + monitor_read_log(struct monitor *pmonitor) + { +@@ -1916,13 +1890,6 @@ monitor_apply_keystate(struct monitor *p + kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; + } +- +- /* Update with new address */ +- if (options.compression) { +- ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, +- (ssh_packet_comp_alloc_func *)mm_zalloc, +- (ssh_packet_comp_free_func *)mm_zfree); +- } + } + + /* This function requries careful sanity checking */ +@@ -1975,24 +1942,11 @@ monitor_openfds(struct monitor *mon, int + struct monitor * + monitor_init(void) + { +- struct ssh *ssh = active_state; /* XXX */ + struct monitor *mon; + + mon = xcalloc(1, sizeof(*mon)); +- + monitor_openfds(mon, 1); + +- /* 
Used to share zlib space across processes */ +- if (options.compression) { +- mon->m_zback = mm_create(NULL, MM_MEMSIZE); +- mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); +- +- /* Compression needs to share state across borders */ +- ssh_packet_set_compress_hooks(ssh, mon->m_zlib, +- (ssh_packet_comp_alloc_func *)mm_zalloc, +- (ssh_packet_comp_free_func *)mm_zfree); +- } +- + return mon; + } + +Index: openssh-7.2p2/monitor.h +=================================================================== +--- openssh-7.2p2.orig/monitor.h 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/monitor.h 2018-01-15 09:39:15.802761143 -0500 +@@ -72,21 +72,17 @@ enum monitor_reqtype { + + }; + +-struct mm_master; + struct monitor { + int m_recvfd; + int m_sendfd; + int m_log_recvfd; + int m_log_sendfd; +- struct mm_master *m_zback; +- struct mm_master *m_zlib; + struct kex **m_pkex; + pid_t m_pid; + }; + + struct monitor *monitor_init(void); + void monitor_reinit(struct monitor *); +-void monitor_sync(struct monitor *); + + struct Authctxt; + void monitor_child_preauth(struct Authctxt *, struct monitor *); +Index: openssh-7.2p2/monitor_mm.c +=================================================================== +--- openssh-7.2p2.orig/monitor_mm.c 2018-01-15 09:39:15.806761147 -0500 ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 +@@ -1,357 +0,0 @@ +-/* $OpenBSD: monitor_mm.c,v 1.21 2015/02/06 23:21:59 millert Exp $ */ +-/* +- * Copyright 2002 Niels Provos +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. 
Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- +-#include "includes.h" +- +-#include +-#ifdef HAVE_SYS_MMAN_H +-#include +-#endif +-#include "openbsd-compat/sys-tree.h" +- +-#include +-#include +-#include +-#ifdef HAVE_STDINT_H +-#include +-#endif +-#include +-#include +- +-#include "xmalloc.h" +-#include "ssh.h" +-#include "log.h" +-#include "monitor_mm.h" +- +-static int +-mm_compare(struct mm_share *a, struct mm_share *b) +-{ +- ptrdiff_t diff = (char *)a->address - (char *)b->address; +- +- if (diff == 0) +- return (0); +- else if (diff < 0) +- return (-1); +- else +- return (1); +-} +- +-RB_GENERATE(mmtree, mm_share, next, mm_compare) +- +-static struct mm_share * +-mm_make_entry(struct mm_master *mm, struct mmtree *head, +- void *address, size_t size) +-{ +- struct mm_share *tmp, *tmp2; +- +- if (mm->mmalloc == NULL) +- tmp = xcalloc(1, sizeof(struct mm_share)); +- else +- tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share)); +- tmp->address = address; +- tmp->size = size; +- +- tmp2 = RB_INSERT(mmtree, head, tmp); +- if (tmp2 != NULL) +- 
fatal("mm_make_entry(%p): double address %p->%p(%zu)", +- mm, tmp2, address, size); +- +- return (tmp); +-} +- +-/* Creates a shared memory area of a certain size */ +- +-struct mm_master * +-mm_create(struct mm_master *mmalloc, size_t size) +-{ +- void *address; +- struct mm_master *mm; +- +- if (mmalloc == NULL) +- mm = xcalloc(1, sizeof(struct mm_master)); +- else +- mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); +- +- /* +- * If the memory map has a mm_master it can be completely +- * shared including authentication between the child +- * and the client. +- */ +- mm->mmalloc = mmalloc; +- +- address = xmmap(size); +- if (address == (void *)MAP_FAILED) +- fatal("mmap(%zu): %s", size, strerror(errno)); +- +- mm->address = address; +- mm->size = size; +- +- RB_INIT(&mm->rb_free); +- RB_INIT(&mm->rb_allocated); +- +- mm_make_entry(mm, &mm->rb_free, address, size); +- +- return (mm); +-} +- +-/* Frees either the allocated or the free list */ +- +-static void +-mm_freelist(struct mm_master *mmalloc, struct mmtree *head) +-{ +- struct mm_share *mms, *next; +- +- for (mms = RB_ROOT(head); mms; mms = next) { +- next = RB_NEXT(mmtree, head, mms); +- RB_REMOVE(mmtree, head, mms); +- if (mmalloc == NULL) +- free(mms); +- else +- mm_free(mmalloc, mms); +- } +-} +- +-/* Destroys a memory mapped area */ +- +-void +-mm_destroy(struct mm_master *mm) +-{ +- mm_freelist(mm->mmalloc, &mm->rb_free); +- mm_freelist(mm->mmalloc, &mm->rb_allocated); +- +-#ifdef HAVE_MMAP +- if (munmap(mm->address, mm->size) == -1) +- fatal("munmap(%p, %zu): %s", mm->address, mm->size, +- strerror(errno)); +-#else +- fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", +- __func__); +-#endif +- if (mm->mmalloc == NULL) +- free(mm); +- else +- mm_free(mm->mmalloc, mm); +-} +- +-void * +-mm_xmalloc(struct mm_master *mm, size_t size) +-{ +- void *address; +- +- address = mm_malloc(mm, size); +- if (address == NULL) +- fatal("%s: mm_malloc(%zu)", __func__, size); +- 
memset(address, 0, size); +- return (address); +-} +- +- +-/* Allocates data from a memory mapped area */ +- +-void * +-mm_malloc(struct mm_master *mm, size_t size) +-{ +- struct mm_share *mms, *tmp; +- +- if (size == 0) +- fatal("mm_malloc: try to allocate 0 space"); +- if (size > SIZE_MAX - MM_MINSIZE + 1) +- fatal("mm_malloc: size too big"); +- +- size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE; +- +- RB_FOREACH(mms, mmtree, &mm->rb_free) { +- if (mms->size >= size) +- break; +- } +- +- if (mms == NULL) +- return (NULL); +- +- /* Debug */ +- memset(mms->address, 0xd0, size); +- +- tmp = mm_make_entry(mm, &mm->rb_allocated, mms->address, size); +- +- /* Does not change order in RB tree */ +- mms->size -= size; +- mms->address = (char *)mms->address + size; +- +- if (mms->size == 0) { +- RB_REMOVE(mmtree, &mm->rb_free, mms); +- if (mm->mmalloc == NULL) +- free(mms); +- else +- mm_free(mm->mmalloc, mms); +- } +- +- return (tmp->address); +-} +- +-/* Frees memory in a memory mapped area */ +- +-void +-mm_free(struct mm_master *mm, void *address) +-{ +- struct mm_share *mms, *prev, tmp; +- +- tmp.address = address; +- mms = RB_FIND(mmtree, &mm->rb_allocated, &tmp); +- if (mms == NULL) +- fatal("mm_free(%p): can not find %p", mm, address); +- +- /* Debug */ +- memset(mms->address, 0xd0, mms->size); +- +- /* Remove from allocated list and insert in free list */ +- RB_REMOVE(mmtree, &mm->rb_allocated, mms); +- if (RB_INSERT(mmtree, &mm->rb_free, mms) != NULL) +- fatal("mm_free(%p): double address %p", mm, address); +- +- /* Find previous entry */ +- prev = mms; +- if (RB_LEFT(prev, next)) { +- prev = RB_LEFT(prev, next); +- while (RB_RIGHT(prev, next)) +- prev = RB_RIGHT(prev, next); +- } else { +- if (RB_PARENT(prev, next) && +- (prev == RB_RIGHT(RB_PARENT(prev, next), next))) +- prev = RB_PARENT(prev, next); +- else { +- while (RB_PARENT(prev, next) && +- (prev == RB_LEFT(RB_PARENT(prev, next), next))) +- prev = RB_PARENT(prev, next); +- prev = 
RB_PARENT(prev, next); +- } +- } +- +- /* Check if range does not overlap */ +- if (prev != NULL && MM_ADDRESS_END(prev) > address) +- fatal("mm_free: memory corruption: %p(%zu) > %p", +- prev->address, prev->size, address); +- +- /* See if we can merge backwards */ +- if (prev != NULL && MM_ADDRESS_END(prev) == address) { +- prev->size += mms->size; +- RB_REMOVE(mmtree, &mm->rb_free, mms); +- if (mm->mmalloc == NULL) +- free(mms); +- else +- mm_free(mm->mmalloc, mms); +- } else +- prev = mms; +- +- if (prev == NULL) +- return; +- +- /* Check if we can merge forwards */ +- mms = RB_NEXT(mmtree, &mm->rb_free, prev); +- if (mms == NULL) +- return; +- +- if (MM_ADDRESS_END(prev) > mms->address) +- fatal("mm_free: memory corruption: %p < %p(%zu)", +- mms->address, prev->address, prev->size); +- if (MM_ADDRESS_END(prev) != mms->address) +- return; +- +- prev->size += mms->size; +- RB_REMOVE(mmtree, &mm->rb_free, mms); +- +- if (mm->mmalloc == NULL) +- free(mms); +- else +- mm_free(mm->mmalloc, mms); +-} +- +-static void +-mm_sync_list(struct mmtree *oldtree, struct mmtree *newtree, +- struct mm_master *mm, struct mm_master *mmold) +-{ +- struct mm_master *mmalloc = mm->mmalloc; +- struct mm_share *mms, *new; +- +- /* Sync free list */ +- RB_FOREACH(mms, mmtree, oldtree) { +- /* Check the values */ +- mm_memvalid(mmold, mms, sizeof(struct mm_share)); +- mm_memvalid(mm, mms->address, mms->size); +- +- new = mm_xmalloc(mmalloc, sizeof(struct mm_share)); +- memcpy(new, mms, sizeof(struct mm_share)); +- RB_INSERT(mmtree, newtree, new); +- } +-} +- +-void +-mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc) +-{ +- struct mm_master *mm; +- struct mm_master *mmalloc; +- struct mm_master *mmold; +- struct mmtree rb_free, rb_allocated; +- +- debug3("%s: Share sync", __func__); +- +- mm = *pmm; +- mmold = mm->mmalloc; +- mm_memvalid(mmold, mm, sizeof(*mm)); +- +- mmalloc = mm_create(NULL, mm->size); +- mm = mm_xmalloc(mmalloc, sizeof(struct mm_master)); +- 
memcpy(mm, *pmm, sizeof(struct mm_master)); +- mm->mmalloc = mmalloc; +- +- rb_free = mm->rb_free; +- rb_allocated = mm->rb_allocated; +- +- RB_INIT(&mm->rb_free); +- RB_INIT(&mm->rb_allocated); +- +- mm_sync_list(&rb_free, &mm->rb_free, mm, mmold); +- mm_sync_list(&rb_allocated, &mm->rb_allocated, mm, mmold); +- +- mm_destroy(mmold); +- +- *pmm = mm; +- *pmmalloc = mmalloc; +- +- debug3("%s: Share sync end", __func__); +-} +- +-void +-mm_memvalid(struct mm_master *mm, void *address, size_t size) +-{ +- void *end = (char *)address + size; +- +- if (address < mm->address) +- fatal("mm_memvalid: address too small: %p", address); +- if (end < address) +- fatal("mm_memvalid: end < address: %p < %p", end, address); +- if (end > MM_ADDRESS_END(mm)) +- fatal("mm_memvalid: address too large: %p", address); +-} +Index: openssh-7.2p2/monitor_mm.h +=================================================================== +--- openssh-7.2p2.orig/monitor_mm.h 2018-01-15 09:39:15.806761147 -0500 ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 +@@ -1,62 +0,0 @@ +-/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */ +- +-/* +- * Copyright 2002 Niels Provos +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- +-#ifndef _MM_H_ +-#define _MM_H_ +- +-struct mm_share { +- RB_ENTRY(mm_share) next; +- void *address; +- size_t size; +-}; +- +-struct mm_master { +- RB_HEAD(mmtree, mm_share) rb_free; +- struct mmtree rb_allocated; +- void *address; +- size_t size; +- +- struct mm_master *mmalloc; /* Used to completely share */ +-}; +- +-RB_PROTOTYPE(mmtree, mm_share, next, mm_compare) +- +-#define MM_MINSIZE 128 +- +-#define MM_ADDRESS_END(x) (void *)((char *)(x)->address + (x)->size) +- +-struct mm_master *mm_create(struct mm_master *, size_t); +-void mm_destroy(struct mm_master *); +- +-void mm_share_sync(struct mm_master **, struct mm_master **); +- +-void *mm_malloc(struct mm_master *, size_t); +-void *mm_xmalloc(struct mm_master *, size_t); +-void mm_free(struct mm_master *, void *); +- +-void mm_memvalid(struct mm_master *, void *, size_t); +-#endif /* _MM_H_ */ +Index: openssh-7.2p2/monitor_wrap.h +=================================================================== +--- openssh-7.2p2.orig/monitor_wrap.h 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/monitor_wrap.h 2018-01-15 09:39:15.802761143 -0500 +@@ -105,7 +105,4 @@ int mm_bsdauth_respond(void *, u_int, ch + int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); + int mm_skey_respond(void *, u_int, char **); + +-/* zlib allocation hooks */ +-void mm_init_compression(struct mm_master *); +- + #endif /* _MM_WRAP_H_ */ +Index: openssh-7.2p2/myproposal.h 
+=================================================================== +--- openssh-7.2p2.orig/myproposal.h 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/myproposal.h 2018-01-15 09:39:15.802761143 -0500 +@@ -157,7 +157,7 @@ + + #endif /* WITH_OPENSSL */ + +-#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" ++#define KEX_DEFAULT_COMP "none,zlib@openssh.com" + #define KEX_DEFAULT_LANG "" + + #define KEX_CLIENT \ +Index: openssh-7.2p2/opacket.h +=================================================================== +--- openssh-7.2p2.orig/opacket.h 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/opacket.h 2018-01-15 09:39:15.802761143 -0500 +@@ -133,9 +133,6 @@ void packet_disconnect(const char *, ... + ssh_packet_get_input(active_state) + #define packet_get_output() \ + ssh_packet_get_output(active_state) +-#define packet_set_compress_hooks(ctx, allocfunc, freefunc) \ +- ssh_packet_set_compress_hooks(active_state, ctx, \ +- allocfunc, freefunc); + #define packet_check_eom() \ + ssh_packet_check_eom(active_state) + #define set_newkeys(mode) \ +Index: openssh-7.2p2/packet.c +=================================================================== +--- openssh-7.2p2.orig/packet.c 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/packet.c 2018-01-15 09:39:15.802761143 -0500 +@@ -722,86 +722,6 @@ uncompress_buffer(struct ssh *ssh, struc + /* NOTREACHED */ + } + +-/* Serialise compression state into a blob for privsep */ +-static int +-ssh_packet_get_compress_state(struct sshbuf *m, struct ssh *ssh) +-{ +- struct session_state *state = ssh->state; +- struct sshbuf *b; +- int r; +- +- if ((b = sshbuf_new()) == NULL) +- return SSH_ERR_ALLOC_FAIL; +- if (state->compression_in_started) { +- if ((r = sshbuf_put_string(b, &state->compression_in_stream, +- sizeof(state->compression_in_stream))) != 0) +- goto out; +- } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) +- goto out; +- if (state->compression_out_started) { +- if ((r = sshbuf_put_string(b, 
&state->compression_out_stream, +- sizeof(state->compression_out_stream))) != 0) +- goto out; +- } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) +- goto out; +- r = sshbuf_put_stringb(m, b); +- out: +- sshbuf_free(b); +- return r; +-} +- +-/* Deserialise compression state from a blob for privsep */ +-static int +-ssh_packet_set_compress_state(struct ssh *ssh, struct sshbuf *m) +-{ +- struct session_state *state = ssh->state; +- struct sshbuf *b = NULL; +- int r; +- const u_char *inblob, *outblob; +- size_t inl, outl; +- +- if ((r = sshbuf_froms(m, &b)) != 0) +- goto out; +- if ((r = sshbuf_get_string_direct(b, &inblob, &inl)) != 0 || +- (r = sshbuf_get_string_direct(b, &outblob, &outl)) != 0) +- goto out; +- if (inl == 0) +- state->compression_in_started = 0; +- else if (inl != sizeof(state->compression_in_stream)) { +- r = SSH_ERR_INTERNAL_ERROR; +- goto out; +- } else { +- state->compression_in_started = 1; +- memcpy(&state->compression_in_stream, inblob, inl); +- } +- if (outl == 0) +- state->compression_out_started = 0; +- else if (outl != sizeof(state->compression_out_stream)) { +- r = SSH_ERR_INTERNAL_ERROR; +- goto out; +- } else { +- state->compression_out_started = 1; +- memcpy(&state->compression_out_stream, outblob, outl); +- } +- r = 0; +- out: +- sshbuf_free(b); +- return r; +-} +- +-void +-ssh_packet_set_compress_hooks(struct ssh *ssh, void *ctx, +- void *(*allocfunc)(void *, u_int, u_int), +- void (*freefunc)(void *, void *)) +-{ +- ssh->state->compression_out_stream.zalloc = (alloc_func)allocfunc; +- ssh->state->compression_out_stream.zfree = (free_func)freefunc; +- ssh->state->compression_out_stream.opaque = ctx; +- ssh->state->compression_in_stream.zalloc = (alloc_func)allocfunc; +- ssh->state->compression_in_stream.zfree = (free_func)freefunc; +- ssh->state->compression_in_stream.opaque = ctx; +-} +- + /* + * Causes any further packets to be encrypted using the given key. The same + * key is used for both sending and reception. 
However, both directions are +@@ -2410,21 +2330,14 @@ ssh_packet_get_output(struct ssh *ssh) + static int + ssh_packet_set_postauth(struct ssh *ssh) + { +- struct sshcomp *comp; +- int r, mode; ++ int r; + + debug("%s: called", __func__); + /* This was set in net child, but is not visible in user child */ + ssh->state->after_authentication = 1; + ssh->state->rekeying = 0; +- for (mode = 0; mode < MODE_MAX; mode++) { +- if (ssh->state->newkeys[mode] == NULL) +- continue; +- comp = &ssh->state->newkeys[mode]->comp; +- if (comp && comp->enabled && +- (r = ssh_packet_init_compression(ssh)) != 0) +- return r; +- } ++ if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0) ++ return r; + return 0; + } + +@@ -2488,7 +2401,6 @@ newkeys_to_blob(struct sshbuf *m, struct + goto out; + } + if ((r = sshbuf_put_u32(b, comp->type)) != 0 || +- (r = sshbuf_put_u32(b, comp->enabled)) != 0 || + (r = sshbuf_put_cstring(b, comp->name)) != 0) + goto out; + r = sshbuf_put_stringb(m, b); +@@ -2549,9 +2461,7 @@ ssh_packet_get_state(struct ssh *ssh, st + return r; + if (cipher_get_keycontext(&state->receive_context, p) != (int)rlen) + return SSH_ERR_INTERNAL_ERROR; +- +- if ((r = ssh_packet_get_compress_state(m, ssh)) != 0 || +- (r = sshbuf_put_stringb(m, state->input)) != 0 || ++ if ((r = sshbuf_put_stringb(m, state->input)) != 0 || + (r = sshbuf_put_stringb(m, state->output)) != 0) + return r; + +@@ -2605,7 +2515,6 @@ newkeys_from_blob(struct sshbuf *m, stru + mac->key_len = maclen; + } + if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || +- (r = sshbuf_get_u32(b, (u_int *)&comp->enabled)) != 0 || + (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0) + goto out; + if (enc->name == NULL || +@@ -2733,8 +2642,7 @@ ssh_packet_set_state(struct ssh *ssh, st + cipher_set_keycontext(&state->send_context, keyout); + cipher_set_keycontext(&state->receive_context, keyin); + +- if ((r = ssh_packet_set_compress_state(ssh, m)) != 0 || +- (r = ssh_packet_set_postauth(ssh)) != 0) ++ if ((r = 
ssh_packet_set_postauth(ssh)) != 0) + return r; + + sshbuf_reset(state->input); +Index: openssh-7.2p2/packet.h +=================================================================== +--- openssh-7.2p2.orig/packet.h 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/packet.h 2018-01-15 09:39:15.802761143 -0500 +@@ -118,11 +118,6 @@ void ssh_packet_send_debug(struct ss + int ssh_set_newkeys(struct ssh *, int mode); + void ssh_packet_get_bytes(struct ssh *, u_int64_t *, u_int64_t *); + +-typedef void *(ssh_packet_comp_alloc_func)(void *, u_int, u_int); +-typedef void (ssh_packet_comp_free_func)(void *, void *); +-void ssh_packet_set_compress_hooks(struct ssh *, void *, +- ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *); +- + int ssh_packet_write_poll(struct ssh *); + int ssh_packet_write_wait(struct ssh *); + int ssh_packet_have_data_to_write(struct ssh *); +Index: openssh-7.2p2/servconf.c +=================================================================== +--- openssh-7.2p2.orig/servconf.c 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/servconf.c 2018-01-15 09:39:15.802761143 -0500 +@@ -956,7 +956,7 @@ static const struct multistate multistat + }; + static const struct multistate multistate_compression[] = { + { "delayed", COMP_DELAYED }, +- { "yes", COMP_ZLIB }, ++ { "yes", COMP_DELAYED }, + { "no", COMP_NONE }, + { NULL, -1 } + }; +Index: openssh-7.2p2/sshconnect2.c +=================================================================== +--- openssh-7.2p2.orig/sshconnect2.c 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/sshconnect2.c 2018-01-15 09:41:29.378897184 -0500 +@@ -178,10 +178,10 @@ ssh_kex2(char *host, struct sockaddr *ho + compat_cipher_proposal(options.ciphers); + if (options.compression) { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = +- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; ++ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,none"; + } else { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = +- 
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; ++ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; + } + myproposal[PROPOSAL_MAC_ALGS_CTOS] = + myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; +Index: openssh-7.2p2/sshd.c +=================================================================== +--- openssh-7.2p2.orig/sshd.c 2018-01-15 09:39:15.806761147 -0500 ++++ openssh-7.2p2/sshd.c 2018-01-15 09:42:03.594931592 -0500 +@@ -119,7 +119,6 @@ + #include "dispatch.h" + #include "channels.h" + #include "session.h" +-#include "monitor_mm.h" + #include "monitor.h" + #ifdef GSSAPI + #include "ssh-gss.h" +@@ -699,9 +698,6 @@ privsep_preauth(Authctxt *authctxt) + ssh_sandbox_parent_preauth(box, pid); + monitor_child_preauth(authctxt, pmonitor); + +- /* Sync memory */ +- monitor_sync(pmonitor); +- + /* Wait for the child's exit status */ + while (waitpid(pid, &status, 0) < 0) { + if (errno == EINTR) +@@ -2665,9 +2661,6 @@ do_ssh2_kex(void) + if (options.compression == COMP_NONE) { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; +- } else if (options.compression == COMP_DELAYED) { +- myproposal[PROPOSAL_COMP_ALGS_CTOS] = +- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; + } + + if (options.rekey_limit || options.rekey_interval) diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10012-2.patch openssh-7.2p2/debian/patches/CVE-2016-10012-2.patch --- openssh-7.2p2/debian/patches/CVE-2016-10012-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-7.2p2/debian/patches/CVE-2016-10012-2.patch 2018-01-15 14:47:52.000000000 +0000 
@@ -0,0 +1,125 @@ +Backport of: + +From 4577adead6a7d600c8e764619d99477a08192c8f Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 28 Sep 2016 20:32:42 +0000 +Subject: [PATCH] upstream commit + +restore pre-auth compression support in the client -- the +previous commit was intended to remove it from the server only. + +remove a few server-side pre-auth compression bits that escaped + +adjust wording of Compression directive in sshd_config(5) + +pointed out by naddy@ ok markus@ + +Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b +--- + kex.c | 4 +--- + kex.h | 5 ++--- + packet.c | 7 +++---- + servconf.c | 4 ++-- + sshconnect2.c | 4 ++-- + sshd_config.5 | 12 +++++++----- + 6 files changed, 17 insertions(+), 19 deletions(-) + +Index: openssh-7.2p2/kex.c +=================================================================== +--- openssh-7.2p2.orig/kex.c 2018-01-15 09:45:36.003142056 -0500 ++++ openssh-7.2p2/kex.c 2018-01-15 09:45:36.003142056 -0500 +@@ -687,8 +687,6 @@ choose_comp(struct sshcomp *comp, char * + return SSH_ERR_NO_COMPRESS_ALG_MATCH; + if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; +- } else if (strcmp(name, "zlib") == 0) { +- comp->type = COMP_ZLIB; + } else if (strcmp(name, "none") == 0) { + comp->type = COMP_NONE; + } else { +Index: openssh-7.2p2/kex.h +=================================================================== +--- openssh-7.2p2.orig/kex.h 2018-01-15 09:45:36.003142056 -0500 ++++ openssh-7.2p2/kex.h 2018-01-15 09:45:36.003142056 -0500 +@@ -60,8 +60,7 @@ + #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" + + #define COMP_NONE 0 +-#define COMP_ZLIB 1 +-#define COMP_DELAYED 2 ++#define COMP_DELAYED 1 + + #define CURVE25519_SIZE 32 + +Index: openssh-7.2p2/packet.c +=================================================================== +--- openssh-7.2p2.orig/packet.c 2018-01-15 09:45:36.003142056 -0500 ++++ openssh-7.2p2/packet.c 2018-01-15 09:45:36.003142056 -0500 +@@ -928,9 +928,8 @@ 
ssh_set_newkeys(struct ssh *ssh, int mod + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ +- if ((comp->type == COMP_ZLIB || +- (comp->type == COMP_DELAYED && +- state->after_authentication)) && comp->enabled == 0) { ++ if (comp->type == COMP_DELAYED && state->after_authentication && ++ comp->enabled == 0) { + if ((r = ssh_packet_init_compression(ssh)) < 0) + return r; + if (mode == MODE_OUT) { +Index: openssh-7.2p2/servconf.c +=================================================================== +--- openssh-7.2p2.orig/servconf.c 2018-01-15 09:45:36.003142056 -0500 ++++ openssh-7.2p2/servconf.c 2018-01-15 09:45:36.003142056 -0500 +@@ -955,8 +955,8 @@ static const struct multistate multistat + { NULL, -1 } + }; + static const struct multistate multistate_compression[] = { +- { "delayed", COMP_DELAYED }, + { "yes", COMP_DELAYED }, ++ { "delayed", COMP_DELAYED }, + { "no", COMP_NONE }, + { NULL, -1 } + }; +Index: openssh-7.2p2/sshconnect2.c +=================================================================== +--- openssh-7.2p2.orig/sshconnect2.c 2018-01-15 09:45:36.003142056 -0500 ++++ openssh-7.2p2/sshconnect2.c 2018-01-15 09:46:28.031192929 -0500 +@@ -178,10 +178,10 @@ ssh_kex2(char *host, struct sockaddr *ho + compat_cipher_proposal(options.ciphers); + if (options.compression) { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = +- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,none"; ++ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; + } else { + myproposal[PROPOSAL_COMP_ALGS_CTOS] = +- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; ++ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; + } + myproposal[PROPOSAL_MAC_ALGS_CTOS] = + myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; +Index: openssh-7.2p2/sshd_config.5 +=================================================================== +--- openssh-7.2p2.orig/sshd_config.5 2018-01-15 
09:45:36.003142056 -0500 ++++ openssh-7.2p2/sshd_config.5 2018-01-15 09:47:17.911241499 -0500 +@@ -549,15 +549,17 @@ channel to request a response from the c + The default + is 0, indicating that these messages will not be sent to the client. + .It Cm Compression +-Specifies whether compression is allowed, or delayed until ++Specifies whether compression is enabled after + the user has authenticated successfully. + The argument must be + .Dq yes , +-.Dq delayed , ++.Dq delayed ++(a legacy synonym for ++.Dq yes ) + or + .Dq no . + The default is +-.Dq delayed . ++.Dq yes . + .It Cm DebianBanner + Specifies whether the distribution-specified extra version suffix is + included during initial protocol handshake. diff -Nru openssh-7.2p2/debian/patches/CVE-2016-10012-3.patch openssh-7.2p2/debian/patches/CVE-2016-10012-3.patch --- openssh-7.2p2/debian/patches/CVE-2016-10012-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-7.2p2/debian/patches/CVE-2016-10012-3.patch 2018-01-15 14:49:29.000000000 +0000 
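Review bot: Within this patch the client proposal in sshconnect2.c is put back to `zlib@openssh.com,zlib,none`, yet the same patch's kex.c hunk drops the `"zlib"` case from choose_comp and kex.h drops COMP_ZLIB, so a client that negotiates `zlib` with an older server would fall into choose_comp's error branch (the branch itself is just outside the hunk). CVE-2016-10012-3.patch, which follows in debian/patches/series, restores those bits, so the built package is consistent, but the two patches must not be separated or reordered; a line in this patch's header such as `Must be applied together with CVE-2016-10012-3.patch (restores COMP_ZLIB for the client).` would make that dependency explicit. The sshd_config.5 wording is fine: `delayed` stays accepted only as a synonym for `yes`, so existing configurations keep parsing.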
@@ -0,0 +1,60 @@ +Backport of: + +From b7689155f3f5c4999846c07a852b1c7a43b09cec Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 28 Sep 2016 21:44:52 +0000 +Subject: [PATCH] upstream commit + +put back some pre-auth zlib bits that I shouldn't have +removed - they are still used by the client. Spotted by naddy@ + +Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 +--- + kex.c | 4 +++- + kex.h | 5 +++-- + packet.c | 7 ++++--- + 3 files changed, 10 insertions(+), 6 deletions(-) + +Index: openssh-7.2p2/kex.c +=================================================================== +--- openssh-7.2p2.orig/kex.c 2018-01-15 09:48:31.399312732 -0500 ++++ openssh-7.2p2/kex.c 2018-01-15 09:48:31.399312732 -0500 +@@ -687,6 +687,8 @@ choose_comp(struct sshcomp *comp, char * + return SSH_ERR_NO_COMPRESS_ALG_MATCH; + if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; ++ } else if (strcmp(name, "zlib") == 0) { ++ comp->type = COMP_ZLIB; + } else if (strcmp(name, "none") == 0) { + comp->type = COMP_NONE; + } else { +Index: openssh-7.2p2/kex.h +=================================================================== +--- openssh-7.2p2.orig/kex.h 2018-01-15 09:48:31.399312732 -0500 ++++ openssh-7.2p2/kex.h 2018-01-15 09:48:31.399312732 -0500 +@@ -60,7 +60,8 @@ + #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" + + #define COMP_NONE 0 +-#define COMP_DELAYED 1 ++#define COMP_ZLIB 1 ++#define COMP_DELAYED 2 + + #define CURVE25519_SIZE 32 + +Index: openssh-7.2p2/packet.c +=================================================================== +--- openssh-7.2p2.orig/packet.c 2018-01-15 09:48:31.399312732 -0500 ++++ openssh-7.2p2/packet.c 2018-01-15 09:48:31.399312732 -0500 +@@ -928,8 +928,9 @@ ssh_set_newkeys(struct ssh *ssh, int mod + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ +- if (comp->type == COMP_DELAYED && state->after_authentication && +- comp->enabled 
== 0) { ++ if ((comp->type == COMP_ZLIB || ++ (comp->type == COMP_DELAYED && ++ state->after_authentication)) && comp->enabled == 0) { + if ((r = ssh_packet_init_compression(ssh)) < 0) + return r; + if (mode == MODE_OUT) { diff -Nru openssh-7.2p2/debian/patches/CVE-2017-15906.patch openssh-7.2p2/debian/patches/CVE-2017-15906.patch --- openssh-7.2p2/debian/patches/CVE-2017-15906.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-7.2p2/debian/patches/CVE-2017-15906.patch 2018-01-15 14:50:30.000000000 +0000 @@ -0,0 +1,27 @@ +Backport of: + +From a6981567e8e215acc1ef690c8dbb30f2d9b00a19 Mon Sep 17 00:00:00 2001 +From: djm +Date: Tue, 4 Apr 2017 00:24:56 +0000 +Subject: [PATCH] disallow creation (of empty files) in read-only mode; + reported by Michal Zalewski, feedback & ok deraadt@ + +--- + usr.bin/ssh/sftp-server.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: openssh-7.2p2/sftp-server.c +=================================================================== +--- openssh-7.2p2.orig/sftp-server.c 2018-01-15 09:50:28.811455123 -0500 ++++ openssh-7.2p2/sftp-server.c 2018-01-15 09:50:28.811455123 -0500 +@@ -695,8 +695,8 @@ process_open(u_int32_t id) + logit("open \"%s\" flags %s mode 0%o", + name, string_from_portable(pflags), mode); + if (readonly && +- ((flags & O_ACCMODE) == O_WRONLY || +- (flags & O_ACCMODE) == O_RDWR)) { ++ ((flags & O_ACCMODE) != O_RDONLY || ++ (flags & (O_CREAT|O_TRUNC)) != 0)) { + verbose("Refusing open request in read-only mode"); + status = SSH2_FX_PERMISSION_DENIED; + } else { diff -Nru openssh-7.2p2/debian/patches/hpn-AES-CTR-14.9.diff openssh-7.2p2/debian/patches/hpn-AES-CTR-14.9.diff --- openssh-7.2p2/debian/patches/hpn-AES-CTR-14.9.diff 2016-04-27 02:50:25.000000000 +0000 +++ openssh-7.2p2/debian/patches/hpn-AES-CTR-14.9.diff 2018-01-27 13:51:27.000000000 +0000 
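Review bot: The restored condition in ssh_set_newkeys (packet.c) makes the pre-auth COMP_ZLIB path live again in code shared by ssh and sshd; after CVE-2016-10012-1/-2 the only thing keeping sshd from initialising zlib before authentication is that the server never offers `zlib` (KEX_DEFAULT_COMP in myproposal.h and do_ssh2_kex in sshd.c). That invariant deserves a comment at the restored branch, e.g. `/* COMP_ZLIB is client-only: sshd must never offer "zlib" (see KEX_DEFAULT_COMP), so the server never sets up compression pre-auth */`, especially since the HPN none-switch patch later in the series edits the same proposal strings. ssh_set_newkeys starts and ends outside the hunk.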
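Review bot: The new read-only test in process_open covers the two ways an open can mutate the filesystem — a non-O_RDONLY access mode, and O_CREAT/O_TRUNC combined with O_RDONLY — but the second clause is the actual fix and is not self-explanatory, so it warrants a comment such as `/* O_RDONLY|O_CREAT (or |O_TRUNC) still creates or empties a file; refuse those too in read-only mode */`. The check runs only after the `logit()` of the request, which is acceptable for auditing since the refusal is logged separately via `verbose()`. Whether the other mutating requests (setstat, remove, mkdir, rename, symlink) are gated by `readonly` is outside this hunk and should be confirmed in the backported tree; process_open itself continues beyond the hunk.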
@@ -667,7 +667,7 @@ int r; if (none == NULL) { -@@ -2751,6 +2751,19 @@ ssh_packet_set_state(struct ssh *ssh, st +@@ -2659,6 +2659,19 @@ ssh_packet_set_state(struct ssh *ssh, st return 0; } @@ -691,7 +691,7 @@ =================================================================== --- openssh-7.2p2.orig/packet.h +++ openssh-7.2p2/packet.h -@@ -151,6 +151,8 @@ time_t ssh_packet_get_rekey_timeout(str +@@ -146,6 +146,8 @@ time_t ssh_packet_get_rekey_timeout(str void *ssh_packet_get_input(struct ssh *); void *ssh_packet_get_output(struct ssh *); @@ -745,7 +745,7 @@ =================================================================== --- openssh-7.2p2.orig/sshd.c +++ openssh-7.2p2/sshd.c -@@ -2371,6 +2371,24 @@ main(int ac, char **av) +@@ -2367,6 +2367,24 @@ main(int ac, char **av) notify_hostkeys(active_state); /* Start session. */ diff -Nru openssh-7.2p2/debian/patches/hpn-DynamicWindow-14.9.diff openssh-7.2p2/debian/patches/hpn-DynamicWindow-14.9.diff --- openssh-7.2p2/debian/patches/hpn-DynamicWindow-14.9.diff 2016-04-27 02:50:35.000000000 +0000 +++ openssh-7.2p2/debian/patches/hpn-DynamicWindow-14.9.diff 2018-01-27 13:51:33.000000000 +0000 @@ -644,7 +644,7 @@ =================================================================== --- openssh-7.2p2.orig/serverloop.c +++ openssh-7.2p2/serverloop.c -@@ -1041,8 +1041,12 @@ server_request_tun(void) +@@ -1045,8 +1045,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; @@ -657,7 +657,7 @@ c->datagram = 1; #if defined(SSH_TUN_FILTER) if (mode == SSH_TUNMODE_POINTOPOINT) -@@ -1078,6 +1082,8 @@ server_request_session(void) +@@ -1082,6 +1086,8 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); 
@@ -872,7 +872,7 @@ =================================================================== --- openssh-7.2p2.orig/sshd.c +++ openssh-7.2p2/sshd.c -@@ -1176,6 +1176,8 @@ server_listen(void) +@@ -1172,6 +1172,8 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -881,7 +881,7 @@ for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1216,6 +1218,11 @@ server_listen(void) +@@ -1212,6 +1214,11 @@ server_listen(void) debug("Bind to port %s on %s.", strport, ntop); @@ -893,7 +893,7 @@ /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { error("Bind to port %s on %s failed: %.200s.", -@@ -2163,6 +2170,9 @@ main(int ac, char **av) +@@ -2159,6 +2166,9 @@ main(int ac, char **av) cleanup_exit(255); } diff -Nru openssh-7.2p2/debian/patches/hpn-noneswitch-14.9.diff openssh-7.2p2/debian/patches/hpn-noneswitch-14.9.diff --- openssh-7.2p2/debian/patches/hpn-noneswitch-14.9.diff 2016-04-27 11:48:43.000000000 +0000 +++ openssh-7.2p2/debian/patches/hpn-noneswitch-14.9.diff 2018-01-27 13:51:45.000000000 +0000 @@ -63,7 +63,7 @@ --- openssh-7.2p2.orig/myproposal.h +++ openssh-7.2p2/myproposal.h @@ -160,6 +160,8 @@ - #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" + #define KEX_DEFAULT_COMP "none,zlib@openssh.com" #define KEX_DEFAULT_LANG "" +#define KEX_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT ",none" @@ -75,7 +75,7 @@ =================================================================== --- openssh-7.2p2.orig/packet.c +++ openssh-7.2p2/packet.c -@@ -1037,6 +1037,14 @@ ssh_set_newkeys(struct ssh *ssh, int mod +@@ -957,6 +957,14 @@ ssh_set_newkeys(struct ssh *ssh, int mod return 0; } 
@@ -90,7 +90,7 @@ #define MAX_PACKETS (1U<<31) static int ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -@@ -1055,6 +1063,10 @@ ssh_packet_need_rekeying(struct ssh *ssh +@@ -975,6 +983,10 @@ ssh_packet_need_rekeying(struct ssh *ssh /* Peer can't rekey */ if (ssh->compat & SSH_BUG_NOREKEY) return 0; @@ -101,7 +101,7 @@ /* * Permit one packet in or out per rekey - this allows us to -@@ -1082,6 +1094,14 @@ ssh_packet_need_rekeying(struct ssh *ssh +@@ -1002,6 +1014,14 @@ ssh_packet_need_rekeying(struct ssh *ssh (state->p_read.blocks > state->max_blocks_in)); } @@ -120,7 +120,7 @@ =================================================================== --- openssh-7.2p2.orig/packet.h +++ openssh-7.2p2/packet.h -@@ -140,6 +140,10 @@ int ssh_packet_inc_alive_timeouts(struc +@@ -135,6 +135,10 @@ int ssh_packet_inc_alive_timeouts(struc int ssh_packet_set_maxsize(struct ssh *, u_int); u_int ssh_packet_get_maxsize(struct ssh *); @@ -356,7 +356,7 @@ =================================================================== --- openssh-7.2p2.orig/sshd.c +++ openssh-7.2p2/sshd.c -@@ -2682,11 +2682,17 @@ do_ssh2_kex(void) +@@ -2678,11 +2678,17 @@ do_ssh2_kex(void) int r; myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( diff -Nru openssh-7.2p2/debian/patches/series openssh-7.2p2/debian/patches/series --- openssh-7.2p2/debian/patches/series 2017-04-22 15:28:16.000000000 +0000 +++ openssh-7.2p2/debian/patches/series 2018-01-27 13:49:25.000000000 +0000 
@@ -34,6 +34,18 @@ ssh-keygen-hash-corruption.patch ssh-keyscan-hash-port.patch ssh-keygen-fix-null-deref.patch +CVE-2016-10009.patch +CVE-2016-10009-2.patch +CVE-2016-10009-3.patch +CVE-2016-10009-4.patch +CVE-2016-10010.patch +CVE-2016-10010-2.patch +CVE-2016-10011-pre.patch +CVE-2016-10011.patch +CVE-2016-10012-1.patch +CVE-2016-10012-2.patch +CVE-2016-10012-3.patch +CVE-2017-15906.patch hpn-AES-CTR-14.9.diff hpn-DynamicWindow-14.9.diff diff -Nru openssh-7.2p2/debian/patches/ssh-keyscan-hash-port.patch openssh-7.2p2/debian/patches/ssh-keyscan-hash-port.patch --- openssh-7.2p2/debian/patches/ssh-keyscan-hash-port.patch 2017-03-16 13:50:24.000000000 +0000 +++ openssh-7.2p2/debian/patches/ssh-keyscan-hash-port.patch 2018-01-27 13:51:05.000000000 +0000 @@ -19,11 +19,11 @@ ssh-keyscan.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) -diff --git a/ssh-keyscan.c b/ssh-keyscan.c -index c30d54e6..24b51ff1 100644 ---- a/ssh-keyscan.c -+++ b/ssh-keyscan.c -@@ -321,16 +321,17 @@ keygrab_ssh2(con *c) +Index: openssh-7.2p2/ssh-keyscan.c +=================================================================== +--- openssh-7.2p2.orig/ssh-keyscan.c ++++ openssh-7.2p2/ssh-keyscan.c +@@ -318,16 +318,17 @@ keygrab_ssh2(con *c) } static void