
Bug#1059693: bullseye-pu: package filezilla/filezilla_3.52.2-3+deb11u1



Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: filezilla@packages.debian.org
Control: affects -1 + src:filezilla

[ Reason ]
This will address the no-DSA CVE-2023-48795. The vulnerability has been
fixed in sid and trixie.

https://security-tracker.debian.org/tracker/CVE-2023-48795

[ Impact ]
The impact on putty itself, and by proxy also on the SFTP support in filezilla, is
fortunately very limited: at most an attacker could abuse terrapin to force
the use of SHA1 as negotiated during the server-sig-algs exchange:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html

[ Tests ]
The fix has been extensively tested by upstream.

I have built affected filezilla versions with and without patching and performed a variety of
connection, transfer and general use tests to be sure this update will work as users expect.

[ Risks ]
The update of the embedded putty within filezilla from upstream commits was very straightforward
and carries minimal risk.

The only variation from upstream is to add the PTRLEN_DECL_LITERAL define macro that was added to
putty after the filezilla release in bullseye, fixing compile errors.

[ Checklist ]
 [X] *all* changes are documented in the d/changelog
 [X] I reviewed all changes and I approve them
 [X] attach debdiff against the package in (old)stable
 [X] the issue is verified as fixed in unstable

[ Other info ]
None.

Regards

Phil

-- 
Playing the game for the game's sake.

Web:

* Debian Wiki: https://wiki.debian.org/PhilWyett
* Website: https://kathenas.org
* Social Debian: https://pleroma.debian.social/kathenas/
* Social Instagram: https://www.instagram.com/kathenasorg/

diff -Nru filezilla-3.52.2/debian/changelog filezilla-3.52.2/debian/changelog
--- filezilla-3.52.2/debian/changelog	2021-01-21 10:38:25.000000000 +0000
+++ filezilla-3.52.2/debian/changelog	2023-12-26 21:06:56.000000000 +0000
@@ -1,3 +1,10 @@
+filezilla (3.52.2-3+deb11u1) bullseye; urgency=medium
+
+  * [CVE-2023-48795] - Add patch: CVE-2023-48795.patch.
+    - Ref: https://security-tracker.debian.org/tracker/CVE-2023-48795
+
+ -- Phil Wyett <philip.wyett@kathenas.org>  Tue, 26 Dec 2023 21:06:56 +0000
+
 filezilla (3.52.2-3) unstable; urgency=medium
 
   [Phil Wyett]
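Review bot: the changelog entry names the patch file but says nothing about what it changes; a one-line summary would help anyone reading the stable changelog, e.g. `* [CVE-2023-48795] - Add patch: CVE-2023-48795.patch (Terrapin: enable strict key exchange in the embedded PuTTY).`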
diff -Nru filezilla-3.52.2/debian/patches/CVE-2023-48795.patch filezilla-3.52.2/debian/patches/CVE-2023-48795.patch
--- filezilla-3.52.2/debian/patches/CVE-2023-48795.patch	1970-01-01 01:00:00.000000000 +0100
+++ filezilla-3.52.2/debian/patches/CVE-2023-48795.patch	2023-12-26 21:06:56.000000000 +0000
@@ -0,0 +1,279 @@
+Description: Cherry pick and modify upstream fix for CVE-2023-48795.
+
+Picked from upstream commits:
+
+filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11047
+filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11048
+filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11049
+filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11051
+
+Other:
+
+In 'src/putty/misc.h' addition of macro 'PTRLEN_DECL_LITERAL' from PUTTY upstream.
+
+Author: Phil Wyett <philip.wyett@kathenas.org>
+
+================================================================================
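Review bot: the `Picked from upstream commits:` and `Other:` sections are free text rather than DEP-3 fields; putting the svn revision URLs under `Origin:` and the security-tracker URL under `Bug:` (plus the Debian bug under `Bug-Debian:`) would let tooling parse the provenance. The `misc.h` addition is described as coming from PuTTY upstream but without a commit reference; adding one would make the next refresh easier.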
+--- a/src/putty/ssh2transport.c
++++ b/src/putty/ssh2transport.c
+@@ -26,6 +26,11 @@ const static ssh2_macalg *const buggymacs[] = {
+     &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
+ };
+ 
++const static ptrlen kex_strict_c =
++    PTRLEN_DECL_LITERAL("kex-strict-c-v00@openssh.com");
++const static ptrlen kex_strict_s =
++    PTRLEN_DECL_LITERAL("kex-strict-s-v00@openssh.com");
++
+ static ssh_compressor *ssh_comp_none_init(void)
+ {
+     return NULL;
+@@ -385,6 +390,31 @@ static bool ssh2_transport_filter_queue(struct ssh2_transport_state *s)
+ {
+     PktIn *pktin;
+ 
++    if (!s->enabled_incoming_crypto) {
++        /*
++         * Record the fact that we've seen any non-KEXINIT packet at
++         * the head of our queue.
++         *
++         * This enables us to check later that the initial incoming
++         * KEXINIT was the very first packet, if scanning the KEXINITs
++         * turns out to enable strict-kex mode.
++         */
++        PktIn *pktin = pq_peek(s->ppl.in_pq);
++        if (pktin && pktin->type != SSH2_MSG_KEXINIT)
++            s->seen_non_kexinit = true;
++
++        if (s->strict_kex) {
++            /*
++             * Also, if we're already in strict-KEX mode and haven't
++             * turned on crypto yet, don't do any actual filtering.
++             * This ensures that extraneous packets _after_ the
++             * KEXINIT will go to the main coroutine, which will
++             * complain about them.
++             */
++            return false;
++        }
++    }
++
+     while (1) {
+         if (ssh2_common_filter_queue(&s->ppl))
+             return true;
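Review bot: `PktIn *pktin = pq_peek(s->ppl.in_pq);` in the new block redeclares the `pktin` already declared at the top of the function, so the inner variable shadows the outer one and will trip -Wshadow; it is harmless here because the outer one is not used before the `while` loop, but assigning to the existing variable instead of declaring a new one avoids the warning. The early `return false` in strict mode is the right call: it forwards everything after the KEXINIT to the main coroutine so extraneous packets are faulted rather than silently filtered.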
+@@ -757,6 +787,13 @@ static void ssh2_write_kexinit_lists(
+                 add_to_commasep(list, kexlists[i][j].name);
+             }
+         }
++        if (i == KEXLIST_KEX && first_time) {
++            if (our_hostkeys) {        /* we're the server */
++                add_to_commasep_pl(list, kex_strict_s);
++            } else {                   /* we're the client */
++                add_to_commasep_pl(list, kex_strict_c);
++            }
++        }
+         put_stringsb(pktout, list);
+     }
+     /* List client->server languages. Empty list. */
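Review bot: the new block uses `first_time` and `our_hostkeys`, neither of which is visible in this hunk or introduced by the patch, so it relies on the `ssh2_write_kexinit_lists` signature in the bullseye copy of PuTTY already carrying both parameters. Since the package builds they are present, but a sentence in the patch description would save the next person refreshing against a different PuTTY snapshot a surprise. Guarding on `first_time` is consistent with the scan side, which also only looks for the marker on the initial KEXINIT.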
+@@ -765,14 +802,23 @@ static void ssh2_write_kexinit_lists(
+     put_stringz(pktout, "");
+ }
+ 
++static bool kexinit_keyword_found(ptrlen list, ptrlen keyword)
++{
++    for (ptrlen word; get_commasep_word(&list, &word) ;)
++        if (ptrlen_eq_ptrlen(word, keyword))
++            return true;
++    return false;
++}
++
+ static bool ssh2_scan_kexinits(
+-    ptrlen client_kexinit, ptrlen server_kexinit,
++    ptrlen client_kexinit, ptrlen server_kexinit, bool we_are_server,
+     struct kexinit_algorithm kexlists[NKEXLIST][MAXKEXLIST],
+     const ssh_kex **kex_alg, const ssh_keyalg **hostkey_alg,
+     transport_direction *cs, transport_direction *sc,
+     bool *warn_kex, bool *warn_hk, bool *warn_cscipher, bool *warn_sccipher,
+     Ssh *ssh, bool *ignore_guess_cs_packet, bool *ignore_guess_sc_packet,
+-    int *n_server_hostkeys, int server_hostkeys[MAXKEXLIST])
++    int *n_server_hostkeys, int server_hostkeys[MAXKEXLIST],
++    bool first_time, bool *strict_kex)
+ {
+     BinarySource client[1], server[1];
+     int i;
+@@ -971,6 +1017,14 @@ static bool ssh2_scan_kexinits(
+         }
+     }
+ 
++    /*
++     * Check whether the other side advertised support for kex-strict.
++     */
++    if (first_time && kexinit_keyword_found(
++            we_are_server ? clists[KEXLIST_KEX] : slists[KEXLIST_KEX],
++            we_are_server ? kex_strict_c : kex_strict_s))
++        *strict_kex = true;
++
+     if (server_hostkeys) {
+         /*
+          * Finally, make an auxiliary pass over the server's host key
+@@ -1138,12 +1192,26 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
+ 
+         if (!ssh2_scan_kexinits(
+                 ptrlen_from_strbuf(s->client_kexinit),
+-                ptrlen_from_strbuf(s->server_kexinit),
++                ptrlen_from_strbuf(s->server_kexinit), s->ssc != NULL,
+                 s->kexlists, &s->kex_alg, &s->hostkey_alg, s->cstrans,
+                 s->sctrans, &s->warn_kex, &s->warn_hk, &s->warn_cscipher,
+-                &s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks))
++                &s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks,
++                !s->got_session_id, &s->strict_kex))
+             return; /* false means a fatal error function was called */
+ 
++        /*
++         * If we've just turned on strict kex mode, say so, and
++         * retrospectively fault any pre-KEXINIT extraneous packets.
++         */
++        if (!s->got_session_id && s->strict_kex) {
++            ppl_logevent("Enabling strict key exchange semantics");
++            if (s->seen_non_kexinit) {
++                ssh_proto_error(s->ppl.ssh, "Received a packet before KEXINIT "
++                                "in strict-kex mode");
++                return;
++            }
++        }
++
+         /*
+          * In addition to deciding which host key we're actually going
+          * to use, we should make a list of the host keys offered by
+@@ -1333,7 +1401,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
+             s->ppl.bpp,
+             s->out.cipher, cipher_key->u, cipher_iv->u,
+             s->out.mac, s->out.etm_mode, mac_key->u,
+-            s->out.comp, s->out.comp_delayed);
++            s->out.comp, s->out.comp_delayed,
++            s->strict_kex);
++        s->enabled_outgoing_crypto = true;
+ 
+         strbuf_free(cipher_key);
+         strbuf_free(cipher_iv);
+@@ -1388,7 +1458,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
+             s->ppl.bpp,
+             s->in.cipher, cipher_key->u, cipher_iv->u,
+             s->in.mac, s->in.etm_mode, mac_key->u,
+-            s->in.comp, s->in.comp_delayed);
++            s->in.comp, s->in.comp_delayed,
++            s->strict_kex);
++        s->enabled_incoming_crypto = true;
+ 
+         strbuf_free(cipher_key);
+         strbuf_free(cipher_iv);
+--- a/src/putty/ssh2transport.h
++++ b/src/putty/ssh2transport.h
+@@ -180,6 +180,8 @@ struct ssh2_transport_state {
+     bool need_gss_transient_hostkey;
+     bool warned_about_no_gss_transient_hostkey;
+     bool got_session_id;
++    bool strict_kex, enabled_outgoing_crypto, enabled_incoming_crypto;
++    bool seen_non_kexinit;
+     int dlgret;
+     bool guessok;
+     bool ignorepkt;
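Review bot: the four new bools are added to `struct ssh2_transport_state` without any initialisation anywhere in this patch, and `strict_kex` in particular is only ever assigned true (in the `ssh2_scan_kexinits` hunk above), so correctness depends on the state being zeroed at allocation. Worth confirming that `ssh2_transport_new` in this embedded snapshot still zeroes the whole struct, and saying so in the patch description.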
+--- a/src/putty/misc.h.orig  2023-12-26 22:08:53.058083841 +0000
++++ b/src/putty/misc.h   2023-12-26 22:13:21.182448292 +0000
+@@ -205,6 +205,10 @@
+  * string. */
+ #define PTRLEN_LITERAL(stringlit) \
+     TYPECHECK("" stringlit "", make_ptrlen(stringlit, sizeof(stringlit)-1))
++/* Make a ptrlen out of a compile-time string literal in a way that
++ * allows you to declare the ptrlen itself as a compile-time initialiser. */
++#define PTRLEN_DECL_LITERAL(stringlit) \
++    { TYPECHECK("" stringlit "", stringlit), sizeof(stringlit)-1 }
+ /* Make a ptrlen out of a constant byte array. */
+ #define PTRLEN_FROM_CONST_BYTES(a) make_ptrlen(a, sizeof(a))
+ 
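Review bot: this and the following hand-written hunks use asymmetric headers (`--- a/src/putty/misc.h.orig` against `+++ b/src/putty/misc.h`), unlike the cherry-picked hunks above, which use matching `a/` and `b/` paths. GNU patch resolves the pair to `src/putty/misc.h` because it prefers the shorter basename, so the patch applies, but a stricter tool or a later `quilt refresh` could pick the `.orig` name; regenerating the headers as `--- a/src/putty/misc.h` / `+++ b/src/putty/misc.h` (and likewise for ssh.h, ssh2bpp.c, sshbpp.h and sshcommon.c) removes the ambiguity. The macro body itself is the brace-initialiser form the `kex_strict_c`/`kex_strict_s` constants need.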
+--- a/src/putty/ssh.h.orig   2023-12-26 21:19:06.825369623 +0000
++++ b/src/putty/ssh.h    2023-12-26 21:20:06.546429641 +0000
+@@ -1555,6 +1555,7 @@
+               alloc_channel_id_general(tree, offsetof(type, localid)))
+ 
+ void add_to_commasep(strbuf *buf, const char *data);
++void add_to_commasep_pl(strbuf *buf, ptrlen data);
+ bool get_commasep_word(ptrlen *list, ptrlen *word);
+ 
+ int verify_ssh_manual_host_key(
+--- a/src/putty/ssh2bpp.c.orig	2021-06-29 09:59:07.000000000 +0100
++++ b/src/putty/ssh2bpp.c	2023-12-22 09:48:54.045561126 +0000
+@@ -115,7 +115,8 @@
+     BinaryPacketProtocol *bpp,
+     const ssh_cipheralg *cipher, const void *ckey, const void *iv,
+     const ssh2_macalg *mac, bool etm_mode, const void *mac_key,
+-    const ssh_compression_alg *compression, bool delayed_compression)
++    const ssh_compression_alg *compression, bool delayed_compression,
++    bool reset_sequence_number)
+ {
+     struct ssh2_bpp_state *s;
+     assert(bpp->vt == &ssh2_bpp_vtable);
+@@ -155,6 +156,9 @@
+         s->out.mac = NULL;
+     }
+ 
++    if (reset_sequence_number)
++        s->out.sequence = 0;
++
+     if (delayed_compression && !s->seen_userauth_success) {
+         s->out.pending_compression = compression;
+         s->out_comp = NULL;
+@@ -179,7 +183,8 @@
+     BinaryPacketProtocol *bpp,
+     const ssh_cipheralg *cipher, const void *ckey, const void *iv,
+     const ssh2_macalg *mac, bool etm_mode, const void *mac_key,
+-    const ssh_compression_alg *compression, bool delayed_compression)
++    const ssh_compression_alg *compression, bool delayed_compression,
++    bool reset_sequence_number)
+ {
+     struct ssh2_bpp_state *s;
+     assert(bpp->vt == &ssh2_bpp_vtable);
+@@ -237,6 +242,9 @@
+      * start consuming the input data again. */
+     s->pending_newkeys = false;
+ 
++    if (reset_sequence_number)
++        s->in.sequence = 0;
++
+     /* And schedule a run of handle_input, in case there's already
+      * input data in the queue. */
+     queue_idempotent_callback(&s->bpp.ic_in_raw);
+--- a/src/putty/sshbpp.h.orig	2021-06-29 09:59:07.000000000 +0100
++++ b/src/putty/sshbpp.h	2023-12-22 09:53:53.327065403 +0000
+@@ -138,12 +138,14 @@
+     BinaryPacketProtocol *bpp,
+     const ssh_cipheralg *cipher, const void *ckey, const void *iv,
+     const ssh2_macalg *mac, bool etm_mode, const void *mac_key,
+-    const ssh_compression_alg *compression, bool delayed_compression);
++    const ssh_compression_alg *compression, bool delayed_compression,
++	bool reset_sequence_number);
+ void ssh2_bpp_new_incoming_crypto(
+     BinaryPacketProtocol *bpp,
+     const ssh_cipheralg *cipher, const void *ckey, const void *iv,
+     const ssh2_macalg *mac, bool etm_mode, const void *mac_key,
+-    const ssh_compression_alg *compression, bool delayed_compression);
++    const ssh_compression_alg *compression, bool delayed_compression,
++	bool reset_sequence_number);
+ 
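Review bot: the two new continuation lines `+	bool reset_sequence_number);` are indented with a tab while the surrounding prototype lines use four spaces; PuTTY's sources are space-indented, so these should be re-indented with spaces to match the rest of the file (the corresponding lines in the ssh2bpp.c hunks above are already space-indented).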
+ /*
+  * A query method specific to the interface between ssh2transport and
+--- a/src/putty/sshcommon.c.orig	2021-06-29 09:59:07.000000000 +0100
++++ b/src/putty/sshcommon.c	2023-12-22 11:20:35.839502891 +0000
+@@ -606,6 +606,13 @@
+  * lists of protocol identifiers in SSH-2.
+  */
+ 
++void add_to_commasep_pl(strbuf *buf, ptrlen data)
++{
++    if (buf->len > 0)
++        put_byte(buf, ',');
++    put_datapl(buf, data);
++}
++
+ void add_to_commasep(strbuf *buf, const char *data)
+ {
+     if (buf->len > 0)
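Review bot: `add_to_commasep_pl` duplicates the body of the existing `add_to_commasep` directly below it (the same `if (buf->len > 0) put_byte(buf, ',');` followed by the append), so the separator logic now lives in two places; having `add_to_commasep` forward to `add_to_commasep_pl(buf, ptrlen_from_asciz(data))` keeps a single copy. Check that `ptrlen_from_asciz` is present in this embedded PuTTY snapshot before relying on it.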
diff -Nru filezilla-3.52.2/debian/patches/series filezilla-3.52.2/debian/patches/series
--- filezilla-3.52.2/debian/patches/series	2021-01-18 21:28:06.000000000 +0000
+++ filezilla-3.52.2/debian/patches/series	2023-12-26 21:06:56.000000000 +0000
@@ -1,2 +1,3 @@
 01_remove-xdg-check.patch
 # 11_use-decimal-si-by-default.patch
+CVE-2023-48795.patch
