From nobody Fri Jul 21 14:52:13 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R6swF4835z4nbgY; Fri, 21 Jul 2023 14:52:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R6swF3brDz45YL; Fri, 21 Jul 2023 14:52:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689951133; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dfvrt9SFMZfvbVNtQ28GeTcwyhNCd5PGqU1Gig0Bikc=; b=Ti1NB6xDZrSK0y9vSMDliJ0nYTZI4d1woYjij5TZj+XuBwr/tGn333VgOZDgj7K3HA5UqU eA15xNRGOD+G3Pmvp9m4WPnUqsKFJKgpb4ch3jk7KeRFVimhob7lXcwTqNEex1PJUbMEdX nU/++lEpZO0/+5HEE7KgPPjxAk6yLnkb09ZEEPv0Y2KXC84TPdF3k036tI8tXNxyJnS+od JXat0LG0iYXVuDEyQvWZfSnyVutF4O9CRn7HiKwwyCz32+IW80pBEKImX+o3aTubOVgSQ4 mGgsJxtm7CGCaPVZfrtKTkLqkT2Le3/MRo2Pg8SmpZpR1WyBRWwXhCNZYs0cCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689951133; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dfvrt9SFMZfvbVNtQ28GeTcwyhNCd5PGqU1Gig0Bikc=; b=F9UdzcCP2iXl12H8LeonUvTl2LdtignFLnsctgmUIvWDLGRfgAoUaKObALppzlcQsLFY6u JkTEE7Z/ZxVAFQvkjeaoJWRdS9hcntu2zZmBQf7w6l2zb0xkCSr3AKDcOhxWiK9uflu43+ Nja+Dyy5/fV6QICC/ojxet7l6+2Wc5C9SDYlWHw9ERUOEQUnJAi2c3yyhzvoO8NJf7xDCs p+0JCdty+hwJcpJ0fN5c3zaWN0MoNu9gzdTJ15zDWB3Kyhe+It+g+xlj8XpXW815z7KegB +zOJ3TmJ3nKvN3Bb18Kssq2jlSD8CfE4TAjthol+mlwXNwKdRdzwPeYeCE1pOA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689951133; a=rsa-sha256; cv=none; b=IzvKKrll8pyqlSdYtj4N4M0BxNg++RGh0qjmfjmzC207zNhjphtQTgnoueMLSiZ7kuRakx prcbfTjaxnlST0EtHZFbTz8opHTErl0a4N768dntmc8mzBDz6nekjR8CiSc+YUUQMmrrUw sYxxntMnX8xOD4qMLGeLPy31bqYefL0DUoRONcTHqMaifVMP7cZ9A3mF9gN5eMzEGOb7n+ TLKz40sxNUiSL2sOmo3bHlliQRdl621fGDoDqUvVJE0Nei85hj2eC5xwXPfOam76P1N/cG AxiYxIOMV6GuG8ybSB2bsdS5CmkEULmFKrA8eVvWDeUJ6amkHe3mN5kP3c2Onw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R6swF2BmDzHRN; Fri, 21 Jul 2023 14:52:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36LEqDVU041187; Fri, 21 Jul 2023 14:52:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36LEqDvU041186; Fri, 21 Jul 2023 14:52:13 GMT (envelope-from git) Date: Fri, 21 Jul 2023 14:52:13 GMT Message-Id: <202307211452.36LEqDvU041186@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: abf778208f10 - stable/12 - ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: abf778208f101f57ecf402230c69222641f0a032 Auto-Submitted: auto-generated The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=abf778208f101f57ecf402230c69222641f0a032 commit abf778208f101f57ecf402230c69222641f0a032 Author: Ed Maste AuthorDate: 2023-07-19 17:02:33 +0000 Commit: Ed Maste CommitDate: 2023-07-21 14:46:53 +0000 ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2 OpenSSH 9.3p2 provides a fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. This commit is the primary part of the fix in 9.3p2, applied to the OpenSSH version in FreeBSD 12.x. Security: CVE-2023-38408 Sponsored by: The FreeBSD Foundation --- crypto/openssh/ssh-pkcs11.c | 6 ++---- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c index b2e2b32a5078..9e48c134e411 100644 --- a/crypto/openssh/ssh-pkcs11.c +++ b/crypto/openssh/ssh-pkcs11.c @@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin, error("dlopen %s failed: %s", provider_id, dlerror()); goto fail; } - if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { - error("dlsym(C_GetFunctionList) failed: %s", dlerror()); - goto fail; - } + if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) + fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); p = xcalloc(1, sizeof(*p)); p->name = xstrdup(provider_id); p->handle = handle; diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 33c6e9a3b130..14a58ef4ddbb 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -106,7 +106,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20221019 +#VersionAddendum FreeBSD-20230719 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 34dc3648ed26..dd8623d9b4dd 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1822,7 +1822,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20221019 . +.Qq FreeBSD-20230719 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 30539ed442ca..3f7069aba20f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -6,4 +6,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20221019" +#define SSH_VERSION_FREEBSD "FreeBSD-20230719"