Bug#779517: unblock: putty/0.63-10
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock putty 0.63-10. This is mainly a CVE-assigned security
fix (which I cherry-picked rather than trying to get the new 0.64
release into jessie), but there are a couple of sub-CVE-level issues,
and two other small changes I think are worth including.
diff -Nru putty-0.63/debian/.git-dpm putty-0.63/debian/.git-dpm
--- putty-0.63/debian/.git-dpm 2014-10-12 20:43:25.000000000 +0100
+++ putty-0.63/debian/.git-dpm 2015-03-01 12:58:10.000000000 +0000
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-fa575a5eb77674f9b35cbad2d23c1090592197ca
-fa575a5eb77674f9b35cbad2d23c1090592197ca
+ec231f1fb9e91c21cc24fd0ce731d9bee7218613
+ec231f1fb9e91c21cc24fd0ce731d9bee7218613
6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8
6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8
putty_0.63.orig.tar.gz
diff -Nru putty-0.63/debian/changelog putty-0.63/debian/changelog
--- putty-0.63/debian/changelog 2014-10-12 20:47:43.000000000 +0100
+++ putty-0.63/debian/changelog 2015-03-01 12:59:16.000000000 +0000
@@ -1,3 +1,23 @@
+putty (0.63-10) unstable; urgency=medium
+
+ * Backport from upstream:
+ - Make kh2reg.py compatible with modern Python.
+ - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server
+ value.
+ - Fix an erroneous length field in SSH-1 key load.
+ - CVE-2015-2157: Fix failure to clear sensitive private key information
+ from memory (closes: #779488).
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 01 Mar 2015 12:59:15 +0000
+
+putty (0.63-9) unstable; urgency=medium
+
+ * Backport from upstream (Simon Tatham):
+ - Revert the default for font bolding style back to using colours rather
+ than fonts (closes: #772948).
+
+ -- Colin Watson <cjwatson@debian.org> Sat, 13 Dec 2014 10:11:04 +0000
+
putty (0.63-8) unstable; urgency=medium
* Backport from upstream (Simon Tatham), suggested by Jacob Nevins:
diff -Nru putty-0.63/debian/patches/enforce-dh-range.patch putty-0.63/debian/patches/enforce-dh-range.patch
--- putty-0.63/debian/patches/enforce-dh-range.patch 1970-01-01 01:00:00.000000000 +0100
+++ putty-0.63/debian/patches/enforce-dh-range.patch 2015-03-01 12:58:09.000000000 +0000
@@ -0,0 +1,89 @@
+From 1358a16471783c9c816fe9004de45ae7202bc976 Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sun, 1 Mar 2015 12:50:27 +0000
+Subject: Enforce acceptable range for Diffie-Hellman server value.
+
+Florent Daigniere of Matta points out that RFC 4253 actually
+_requires_ us to refuse to accept out-of-range values, though it isn't
+completely clear to me why this should be a MUST on the receiving end.
+
+Matta considers this to be a security vulnerability, on the grounds
+that if a server should accidentally send an obviously useless value
+such as 1 then we will fail to reject it and agree a key that an
+eavesdropper could also figure out. Their id for this vulnerability is
+MATTA-2015-002.
+
+Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=174476813f0ed94337aecc3e2d13a202a1dc2fa8
+Last-Update: 2015-03-01
+
+Patch-Name: enforce-dh-range.patch
+---
+ ssh.c | 7 +++++++
+ ssh.h | 1 +
+ sshdh.c | 23 +++++++++++++++++++++++
+ 3 files changed, 31 insertions(+)
+
+diff --git a/ssh.c b/ssh.c
+index 9eed54d..b543df1 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -6082,6 +6082,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
+ }
+ ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+
++ {
++ const char *err = dh_validate_f(ssh->kex_ctx, s->f);
++ if (err) {
++ bombout(("key exchange reply failed validation: %s", err));
++ crStopV;
++ }
++ }
+ s->K = dh_find_K(ssh->kex_ctx, s->f);
+
+ /* We assume everything from now on will be quick, and it might
+diff --git a/ssh.h b/ssh.h
+index 031fd97..ac5a10f 100644
+--- a/ssh.h
++++ b/ssh.h
+@@ -471,6 +471,7 @@ void *dh_setup_group(const struct ssh_kex *kex);
+ void *dh_setup_gex(Bignum pval, Bignum gval);
+ void dh_cleanup(void *);
+ Bignum dh_create_e(void *, int nbits);
++const char *dh_validate_f(void *handle, Bignum f);
+ Bignum dh_find_K(void *, Bignum f);
+
+ int loadrsakey(const Filename *filename, struct RSAKey *key,
+diff --git a/sshdh.c b/sshdh.c
+index c733b61..8f8ab2d 100644
+--- a/sshdh.c
++++ b/sshdh.c
+@@ -219,6 +219,29 @@ Bignum dh_create_e(void *handle, int nbits)
+ }
+
+ /*
++ * DH stage 2-epsilon: given a number f, validate it to ensure it's in
++ * range. (RFC 4253 section 8: "Values of 'e' or 'f' that are not in
++ * the range [1, p-1] MUST NOT be sent or accepted by either side."
++ * Also, we rule out 1 and p-1 too, since that's easy to do and since
++ * they lead to obviously weak keys that even a passive eavesdropper
++ * can figure out.)
++ */
++const char *dh_validate_f(void *handle, Bignum f)
++{
++ struct dh_ctx *ctx = (struct dh_ctx *)handle;
++ if (bignum_cmp(f, One) <= 0) {
++ return "f value received is too small";
++ } else {
++ Bignum pm1 = bigsub(ctx->p, One);
++ int cmp = bignum_cmp(f, pm1);
++ freebn(pm1);
++ if (cmp >= 0)
++ return "f value received is too large";
++ }
++ return NULL;
++}
++
++/*
+ * DH stage 2: given a number f, compute K = f^x mod p.
+ */
+ Bignum dh_find_K(void *handle, Bignum f)
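Review bot: dh_validate_f in sshdh.c is a range test only (it accepts any f with 1 < f < p-1), so it rejects the degenerate values named in the comment but does not show that f lies in the intended subgroup. ssh.h also declares dh_setup_gex(Bignum pval, Bignum gval), where the modulus arrives as a parameter, so the comment above dh_validate_f should state that range is all that is checked. That would stop the call in do_ssh2_transport from being read as full validation of the server's value. The pm1 temporary is freed on both outcomes, which is correct.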
diff -Nru putty-0.63/debian/patches/font-bolding-style-default.patch putty-0.63/debian/patches/font-bolding-style-default.patch
--- putty-0.63/debian/patches/font-bolding-style-default.patch 1970-01-01 01:00:00.000000000 +0100
+++ putty-0.63/debian/patches/font-bolding-style-default.patch 2015-03-01 12:58:09.000000000 +0000
@@ -0,0 +1,36 @@
+From 0a82f756c07d0266a6ff6f3b7fd86ccb1cd84040 Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Wed, 7 Aug 2013 06:22:52 +0000
+Subject: Revert default for font bolding style
+
+Revert the default for font bolding style back to using colours rather
+than fonts. I broke this in r9559 when I added the option for 'both',
+because the internal representation got offset by one so as to change
+from a boolean to two bitfields and I must have confused myself about
+what the default should be.
+
+[originally from svn r10008]
+[r9559 == bc6e0952ef1c27c577318ee3c0883c7823c7005b]
+
+Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=c0b6e0b9626baecab20ba6946dc26a75f187e2cf
+Bug-Debian: http://bugs.debian.org/772948
+Last-Update: 2014-12-13
+
+Patch-Name: font-bolding-style-default.patch
+---
+ settings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/settings.c b/settings.c
+index 8bcfb21..2aae3f1 100644
+--- a/settings.c
++++ b/settings.c
+@@ -871,7 +871,7 @@ void load_open_settings(void *sesskey, Conf *conf)
+ gppi(sesskey, "TryPalette", 0, conf, CONF_try_palette);
+ gppi(sesskey, "ANSIColour", 1, conf, CONF_ansi_colour);
+ gppi(sesskey, "Xterm256Colour", 1, conf, CONF_xterm_256_colour);
+- i = gppi_raw(sesskey, "BoldAsColour", 0); conf_set_int(conf, CONF_bold_style, i+1);
++ i = gppi_raw(sesskey, "BoldAsColour", 1); conf_set_int(conf, CONF_bold_style, i+1);
+
+ for (i = 0; i < 22; i++) {
+ static const char *const defaults[] = {
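Review bot: the changed gppi_raw line in settings.c still has no comment explaining that the stored BoldAsColour value is offset by one from CONF_bold_style (conf_set_int receives i+1), which is the confusion the commit message blames for the regression. A one-line comment next to the default, saying which bold style a stored 1 selects after the +1, would make the intended default checkable by the next reader.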
diff -Nru putty-0.63/debian/patches/kh2reg-modern-python.patch putty-0.63/debian/patches/kh2reg-modern-python.patch
--- putty-0.63/debian/patches/kh2reg-modern-python.patch 1970-01-01 01:00:00.000000000 +0100
+++ putty-0.63/debian/patches/kh2reg-modern-python.patch 2015-03-01 12:58:09.000000000 +0000
@@ -0,0 +1,74 @@
+From 62044d3f09a28436c37b288913649bf3374f7c06 Mon Sep 17 00:00:00 2001
+From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
+Date: Sun, 1 Mar 2015 12:45:34 +0000
+Subject: Make kh2reg.py compatible with modern Python.
+
+Bare string exceptions aren't supported any more.
+Patch by Will Aoki, plus a backward compatibility tweak from Colin Watson.
+Seen working with Python 2.4.3 and 2.7.6.
+
+Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=56a42d09d43e91603f3fbf01f5781bcbbc54a6bd
+Last-Update: 2015-03-01
+
+Patch-Name: kh2reg-modern-python.patch
+---
+ contrib/kh2reg.py | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/contrib/kh2reg.py b/contrib/kh2reg.py
+index da62b3f..e6f27ef 100755
+--- a/contrib/kh2reg.py
++++ b/contrib/kh2reg.py
+@@ -9,7 +9,8 @@
+ # kh2reg.py --unix known_hosts1 2 3 4 ... > sshhostkeys
+ # Creates data suitable for storing in ~/.putty/sshhostkeys (Unix).
+ # Line endings are someone else's problem as is traditional.
+-# Developed for Python 1.5.2.
++# Originally developed for Python 1.5.2, but probably won't run on that
++# any more.
+
+ import fileinput
+ import base64
+@@ -64,6 +65,13 @@ if output_type == 'windows':
+ [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
+ """)
+
++class BlankInputLine(Exception):
++ pass
++
++class UnknownKeyType(Exception):
++ def __init__(self, keytype):
++ self.keytype = keytype
++
+ # Now process all known_hosts input.
+ for line in fileinput.input(args):
+
+@@ -73,7 +81,7 @@ for line in fileinput.input(args):
+
+ # Skip blanks and comments
+ if line == '' or line[0] == '#':
+- raise "Skipping input line"
++ raise BlankInputLine
+
+ # Split line on spaces.
+ fields = string.split (line, ' ')
+@@ -120,7 +128,7 @@ for line in fileinput.input(args):
+ if sshkeytype == "ssh-rsa": keytype = "rsa2"
+ elif sshkeytype == "ssh-dss": keytype = "dss"
+ else:
+- raise "Unknown SSH key type", sshkeytype
++ raise UnknownKeyType(sshkeytype)
+
+ # Now print out one line per host pattern, discarding wildcards.
+ for host in string.split (hostpat, ','):
+@@ -151,7 +159,7 @@ for line in fileinput.input(args):
+ sys.stdout.write("\"%s\"=\"%s\"\n"
+ % (winmungestr(key), value))
+
+- except "Unknown SSH key type", k:
+- sys.stderr.write("Unknown SSH key type '%s', skipping\n" % k)
+- except "Skipping input line":
++ except UnknownKeyType, k:
++ sys.stderr.write("Unknown SSH key type '%s', skipping\n" % k.keytype)
++ except BlankInputLine:
+ pass
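Review bot: the handler "except UnknownKeyType, k:" in the last hunk is Python 2-only syntax, and the context lines still call string.split, so the script remains Python 2-only despite the subject line. The commit message records testing on 2.4.3 and 2.7.6 only. Either say so in the header comment (it currently says only that 1.5.2 probably no longer works), or, if 2.4 must stay supported, use a bare "except UnknownKeyType:" and fetch the instance with sys.exc_info()[1], which parses on both Python 2 and Python 3.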
diff -Nru putty-0.63/debian/patches/private-key-not-wiped-2.patch putty-0.63/debian/patches/private-key-not-wiped-2.patch
--- putty-0.63/debian/patches/private-key-not-wiped-2.patch 1970-01-01 01:00:00.000000000 +0100
+++ putty-0.63/debian/patches/private-key-not-wiped-2.patch 2015-03-01 12:58:10.000000000 +0000
@@ -0,0 +1,70 @@
+From ec231f1fb9e91c21cc24fd0ce731d9bee7218613 Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sun, 1 Mar 2015 12:55:31 +0000
+Subject: Add some missing smemclrs and sfrees.
+
+The absence of these could have prevented sensitive private key
+information from being properly cleared out of memory that PuTTY tools
+had finished with.
+
+Thanks to Patrick Coleman for spotting this and sending a patch.
+
+Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d
+Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
+Bug-Debian: http://bugs.debian.org/779488
+
+Patch-Name: private-key-not-wiped-2.patch
+---
+ sshpubk.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/sshpubk.c b/sshpubk.c
+index 8cb4bf1..753370d 100644
+--- a/sshpubk.c
++++ b/sshpubk.c
+@@ -844,6 +844,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
+ goto error;
+ }
+ sfree(public_blob);
++ smemclr(private_blob, private_blob_len);
+ sfree(private_blob);
+ sfree(encryption);
+ if (errorstr)
+@@ -864,8 +865,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
+ sfree(mac);
+ if (public_blob)
+ sfree(public_blob);
+- if (private_blob)
+- sfree(private_blob);
++ if (private_blob) {
++ smemclr(private_blob, private_blob_len);
++ sfree(private_blob);
++ }
+ if (errorstr)
+ *errorstr = error;
+ return ret;
+@@ -1154,8 +1157,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
+ }
+
+ fp = f_open(filename, "w", TRUE);
+- if (!fp)
+- return 0;
++ if (!fp) {
++ sfree(pub_blob);
++ smemclr(priv_blob, priv_blob_len);
++ sfree(priv_blob);
++ smemclr(priv_blob_encrypted, priv_blob_len);
++ sfree(priv_blob_encrypted);
++ return 0;
++ }
+ fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
+ fprintf(fp, "Encryption: %s\n", cipherstr);
+ fprintf(fp, "Comment: %s\n", key->comment);
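Review bot: the new if (!fp) branch in ssh2_save_userkey repeats, line for line, the cleanup sequence at the end of the function. The bug fixed here is an exit path that skipped a clear, so two hand-maintained copies invite the same omission the next time a buffer is added. A single cleanup label reached by both the failure and success paths, with the return value held in a variable, would keep them in step.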
+@@ -1172,6 +1181,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
+ sfree(pub_blob);
+ smemclr(priv_blob, priv_blob_len);
+ sfree(priv_blob);
++ smemclr(priv_blob_encrypted, priv_blob_len);
+ sfree(priv_blob_encrypted);
+ return 1;
+ }
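Review bot: smemclr(priv_blob_encrypted, priv_blob_len) clears the encrypted buffer using the length of the plaintext blob, both here and in the if (!fp) branch above. If priv_blob_encrypted is allocated with its own length (for example, rounded up to a cipher block), the tail of the buffer is left uncleared. Please confirm the two lengths are equal at this point, or pass the length the encrypted buffer was allocated with.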
diff -Nru putty-0.63/debian/patches/series putty-0.63/debian/patches/series
--- putty-0.63/debian/patches/series 2014-10-12 20:43:25.000000000 +0100
+++ putty-0.63/debian/patches/series 2015-03-01 12:58:10.000000000 +0000
@@ -8,3 +8,8 @@
gtk-timer-leak-1.patch
gtk-timer-leak-2.patch
dynamic-tunnel-session.patch
+font-bolding-style-default.patch
+kh2reg-modern-python.patch
+enforce-dh-range.patch
+ssh-1-key-load-length.patch
+private-key-not-wiped-2.patch
diff -Nru putty-0.63/debian/patches/ssh-1-key-load-length.patch putty-0.63/debian/patches/ssh-1-key-load-length.patch
--- putty-0.63/debian/patches/ssh-1-key-load-length.patch 1970-01-01 01:00:00.000000000 +0100
+++ putty-0.63/debian/patches/ssh-1-key-load-length.patch 2015-03-01 12:58:09.000000000 +0000
@@ -0,0 +1,32 @@
+From 311ccf95a87f611fee426018bb4d6b7244c7da7e Mon Sep 17 00:00:00 2001
+From: Simon Tatham <anakin@pobox.com>
+Date: Sun, 1 Mar 2015 12:53:44 +0000
+Subject: Fix an erroneous length field in SSH-1 key load.
+
+We incremented buf by a few bytes, so we must decrement the
+corresponding length by the same amount, or else makekey() could
+overrun.
+
+Thanks to Patrick Coleman for the patch.
+
+Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=1f757928051b6d6ff231b2265bad2d263b0fe3ea
+Last-Update: 2015-03-01
+
+Patch-Name: ssh-1-key-load-length.patch
+---
+ sshpubk.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sshpubk.c b/sshpubk.c
+index ac9e0fa..8cb4bf1 100644
+--- a/sshpubk.c
++++ b/sshpubk.c
+@@ -67,7 +67,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
+ i += 4;
+
+ /* Now the serious stuff. An ordinary SSH-1 public key. */
+- j = makekey(buf + i, len, key, NULL, 1);
++ j = makekey(buf + i, len - i, key, NULL, 1);
+ if (j < 0)
+ goto end; /* overran */
+ i += j;
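Review bot: len - i is now passed to makekey with no check visible in this hunk that i <= len after the preceding i += 4. If the input is shorter than the header already consumed, the length goes negative, or wraps if the parameter is unsigned, and the overrun the commit message describes is still reachable. Confirm that an earlier bound check covers this, or add a guard such as "if (len < i) goto end;" before the call. Also check that any later parsing calls after i += j in loadrsakey_main adjust their length the same way.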
unblock putty/0.63-10
Thanks,
--
Colin Watson [cjwatson@debian.org]