--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Regression in 7.4 server-sig-algs / SHA2
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Tue, 09 Jun 2020 17:25:29 +0200
- Message-id: <159171632955.29978.323040168002071939.reportbug@hullmann.westfalen.local>
Source: openssh
Version: 1:7.4p1-10+deb9u7
Severity: important
Tags: patch
Hi,
openssh 7.4 is affected by a regression which omits rsa-sha2-256 /
rsa-sha2-512 from server-sig-algs:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2020-May/038533.html
Stretch will be supported for another ~ two years, so it would be
great to get this fixed in the upcoming 9.12 point release.
Attached debdiff backports the upstream fix. I'd be happy to coordinate
with (old)stable release managers to submit the update for 9.12.
When logging in with openssh-client from unstable to a stretch sshd
running on STRETCHSERVER and avoiding ssh-rsa the login fails:
(which presents server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>)
-------
jmm@soju:~$ ssh -o PubkeyAcceptedKeyTypes=-ssh-rsa -vvv STRETCHSERVER |& grep server-sig-algs
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
Password:
-------
With the backported fix:
(which presents server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,
rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521,null>)
-------
jmm@soju:~$ ssh -o PubkeyAcceptedKeyTypes=-ssh-rsa STRETCHSERVER
Linux STRETCHSERVER 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16) x86_64
Debian GNU/Linux 9.12 (stretch)
jmm@STRETCHSERVER:~$
-------
Cheers,
Moritz
diff -Nru openssh-7.4p1/debian/changelog openssh-7.4p1/debian/changelog
--- openssh-7.4p1/debian/changelog 2019-07-15 13:32:09.000000000 +0000
+++ openssh-7.4p1/debian/changelog 2020-06-04 14:45:31.000000000 +0000
@@ -1,3 +1,10 @@
+openssh (1:7.4p1-10+deb9u8) stretch; urgency=medium
+
+ * Fix regression in 7.4 server-sig-algs, this led to SHA2 RSA
+ signature methods being excluded
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Thu, 04 Jun 2020 14:45:31 +0000
+
openssh (1:7.4p1-10+deb9u7) stretch; urgency=medium
* Fix deadlock when the keys/principals command produces a lot of
diff -Nru openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch
--- openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-7.4p1/debian/patches/fix-regression-in-server-sig-algs.patch 2020-06-04 14:44:58.000000000 +0000
@@ -0,0 +1,77 @@
+From 183ba55aaaecca0206184b854ad6155df237adbe Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 10 Mar 2017 04:07:20 +0000
+Subject: upstream commit
+
+fix regression in 7.4 server-sig-algs, where we were
+accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
+Goncalves; ok dtucker@
+
+Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
+
+[ backported to 7.4p1 ]
+
+diff -aur openssh-7.4p1.orig/kex.c openssh-7.4p1/kex.c
+--- openssh-7.4p1.orig/kex.c 2020-06-03 15:40:06.000000000 +0200
++++ openssh-7.4p1/kex.c 2020-06-03 15:54:45.461050249 +0200
+@@ -359,7 +359,7 @@
+ int r;
+ char *algs;
+
+- if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
++ if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
+ (r = sshpkt_put_u32(ssh, 1)) != 0 ||
+diff -aur openssh-7.4p1.orig/ssh.c openssh-7.4p1/ssh.c
+--- openssh-7.4p1.orig/ssh.c 2020-06-03 15:40:06.000000000 +0200
++++ openssh-7.4p1/ssh.c 2020-06-03 15:54:45.461050249 +0200
+@@ -684,11 +684,11 @@
+ else if (strcmp(optarg, "kex") == 0)
+ cp = kex_alg_list('\n');
+ else if (strcmp(optarg, "key") == 0)
+- cp = sshkey_alg_list(0, 0, '\n');
++ cp = sshkey_alg_list(0, 0, 0, '\n');
+ else if (strcmp(optarg, "key-cert") == 0)
+- cp = sshkey_alg_list(1, 0, '\n');
++ cp = sshkey_alg_list(1, 0, 0, '\n');
+ else if (strcmp(optarg, "key-plain") == 0)
+- cp = sshkey_alg_list(0, 1, '\n');
++ cp = sshkey_alg_list(0, 1, 0, '\n');
+ else if (strcmp(optarg, "protocol-version") == 0) {
+ #ifdef WITH_SSH1
+ cp = xstrdup("1\n2");
+diff -aur openssh-7.4p1.orig/sshkey.c openssh-7.4p1/sshkey.c
+--- openssh-7.4p1.orig/sshkey.c 2020-06-03 15:40:06.000000000 +0200
++++ openssh-7.4p1/sshkey.c 2020-06-03 15:53:51.176514438 +0200
+@@ -196,14 +196,16 @@
+ }
+
+ char *
+-sshkey_alg_list(int certs_only, int plain_only, char sep)
++sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
+ {
+ char *tmp, *ret = NULL;
+ size_t nlen, rlen = 0;
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+- if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL)
++ if (kt->name == NULL)
++ continue;
++ if (!include_sigonly && kt->sigonly)
+ continue;
+ if ((certs_only && !kt->cert) || (plain_only && kt->cert))
+ continue;
+diff -aur openssh-7.4p1.orig/sshkey.h openssh-7.4p1/sshkey.h
+--- openssh-7.4p1.orig/sshkey.h 2020-06-03 15:40:06.000000000 +0200
++++ openssh-7.4p1/sshkey.h 2020-06-03 15:54:45.461050249 +0200
+@@ -157,7 +157,7 @@
+ const char *sshkey_ssh_name(const struct sshkey *);
+ const char *sshkey_ssh_name_plain(const struct sshkey *);
+ int sshkey_names_valid2(const char *, int);
+-char *sshkey_alg_list(int, int, char);
++char *sshkey_alg_list(int, int, int, char);
+
+ int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
+ int sshkey_fromb(struct sshbuf *, struct sshkey **);
diff -Nru openssh-7.4p1/debian/patches/series openssh-7.4p1/debian/patches/series
--- openssh-7.4p1/debian/patches/series 2019-07-15 13:31:41.000000000 +0000
+++ openssh-7.4p1/debian/patches/series 2020-06-04 14:45:12.000000000 +0000
@@ -45,3 +45,4 @@
check-filenames-in-scp-client.patch
scp-handle-braces.patch
fix-deadlock-in-keys-principals-command.patch
+fix-regression-in-server-sig-algs.patch
--- End Message ---