openssh: backport Debian patch for CVE-2023-48795

import patches from ubuntu to fix CVE-2023-48795 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches?h=ubuntu%2Ffocal-security Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5] Reference: https://ubuntu.com/security/CVE-2023-48795 (From OE-Core rev: 4026a1cc3aa242a80c306b34b030f05d41b55dda) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-12-22 20:07:20 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-12-29 05:29:14 -1000
commit: fc412fa80da3a85de1792b48b68f92ddfe0e033a (patch)
tree: 517f7619f24611ebf757be3386c3b3a2d8e68237
parent: 0aa12e491969eac7050b6b2c6665a3fdbc070c3d (diff)
download: poky-fc412fa80da3a85de1792b48b68f92ddfe0e033a.tar.gz
2 files changed, 469 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
new file mode 100644
index 0000000000..57c45e3d93
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
@@ -0,0 +1,468 @@
+(modified to not remove ssh_packet_read_expect(), to add to
+KexAlgorithms in sshd.c and sshconnect2.c as this version pre-dates
+kex_proposal_populate_entries(), replace debug*_f() with debug*(),
+error*_f() with error*(), and fatal_f() with fatal())
+Backport of:
+From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 18 Dec 2023 14:45:17 +0000
+Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd
+This adds a protocol extension to improve the integrity of the SSH
+transport protocol, particular in and around the initial key exchange
+(KEX) phase.
+Full details of the extension are in the PROTOCOL file.
+with markus@
+OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2023-48795.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ PROTOCOL      | 26 +++++++++++++++++
+ kex.c         | 68 +++++++++++++++++++++++++++++++++-----------
+ kex.h         |  1 +
+ packet.c      | 78 ++++++++++++++++++++++++++++++++++++++-------------
+ sshconnect2.c | 14 +++------
+ sshd.c        |  7 +++--
+ 6 files changed, 146 insertions(+), 48 deletions(-)
+diff --git a/PROTOCOL b/PROTOCOL
+index f75c1c0..89bddfe 100644
+--- a/PROTOCOL
+++ b/PROTOCOL
+@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curve25519 for key exchange as
+ described at:
+ http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
+ 
+1.9 transport: strict key exchange extension
+
+OpenSSH supports a number of transport-layer hardening measures under
+a "strict KEX" feature. This feature is signalled similarly to the
+RFC8308 ext-info feature: by including a additional algorithm in the
+initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
+"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
+may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
+are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
+if they are present in subsequent SSH2_MSG_KEXINIT packets.
+
+When an endpoint that supports this extension observes this algorithm
+name in a peer's KEXINIT packet, it MUST make the following changes to
+the the protocol:
+
+a) During initial KEX, terminate the connection if any unexpected or
+   out-of-sequence packet is received. This includes terminating the
+   connection if the first packet received is not SSH2_MSG_KEXINIT.
+   Unexpected packets for the purpose of strict KEX include messages
+   that are otherwise valid at any time during the connection such as
+   SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
+b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
+   packet sequence number to zero. This behaviour persists for the
+   duration of the connection (i.e. not just the first
+   SSH2_MSG_NEWKEYS).
+
+ 2. Connection protocol changes
+ 
+ 2.1. connection: Channel write close extension "eow@openssh.com"
+diff --git a/kex.c b/kex.c
+index ce85f04..3129a4e 100644
+--- a/kex.c
+++ b/kex.c
+@@ -63,7 +63,7 @@
+ #include "digest.h"
+ 
+ /* prototype */
+-static int kex_choose_conf(struct ssh *);
+static int kex_choose_conf(struct ssh *, uint32_t seq);
+ static int kex_input_newkeys(int, u_int32_t, struct ssh *);
+ 
+ static const char *proposal_names[PROPOSAL_MAX] = {
+@@ -173,6 +173,18 @@ kex_names_valid(const char *names)
+        return 1;
+ }
+ 
+/* returns non-zero if proposal contains any algorithm from algs */
+static int
+has_any_alg(const char *proposal, const char *algs)
+{
+       char *cp;
+
+       if ((cp = match_list(proposal, algs, NULL)) == NULL)
+               return 0;
+       free(cp);
+       return 1;
+}
+
+ /*
+  * Concatenate algorithm names, avoiding duplicates in the process.
+  * Caller must free returned string.
+@@ -180,7 +192,7 @@ kex_names_valid(const char *names)
+ char *
+ kex_names_cat(const char *a, const char *b)
+ {
+-       char *ret = NULL, *tmp = NULL, *cp, *p, *m;
+       char *ret = NULL, *tmp = NULL, *cp, *p;
+        size_t len;
+ 
+        if (a == NULL || *a == '\0')
+@@ -197,10 +209,8 @@ kex_names_cat(const char *a, const char *b)
+        }
+        strlcpy(ret, a, len);
+        for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
+-               if ((m = match_list(ret, p, NULL)) != NULL) {
+-                       free(m);
+               if (has_any_alg(ret, p))
+                        continue; /* Algorithm already present */
+-               }
+                if (strlcat(ret, ",", len) >= len ||
+                    strlcat(ret, p, len) >= len) {
+                        free(tmp);
+@@ -409,7 +419,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
+ {
+        int r;
+ 
+-       error("kex protocol error: type %d seq %u", type, seq);
+       /* If in strict mode, any unexpected message is an error */
+       if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
+               ssh_packet_disconnect(ssh, "strict KEX violation: "
+                   "unexpected packet type %u (seqnr %u)", type, seq);
+       }
+       error("type %u seq %u", type, seq);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
+            (r = sshpkt_put_u32(ssh, seq)) != 0 ||
+            (r = sshpkt_send(ssh)) != 0)
+@@ -481,6 +496,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
+        ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
+        if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
+                return r;
+       if (ninfo >= 1024) {
+               error("SSH2_MSG_EXT_INFO with too many entries, expected "
+                   "<=1024, received %u", ninfo);
+               return dispatch_protocol_error(type, seq, ssh);
+       }
+        for (i = 0; i < ninfo; i++) {
+                if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
+                        return r;
+@@ -581,7 +601,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
+                error("%s: no hex", __func__);
+                return SSH_ERR_INTERNAL_ERROR;
+        }
+-       ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
+       ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
+        ptr = sshpkt_ptr(ssh, &dlen);
+        if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
+                return r;
+@@ -617,7 +637,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
+        if (!(kex->flags & KEX_INIT_SENT))
+                if ((r = kex_send_kexinit(ssh)) != 0)
+                        return r;
+-       if ((r = kex_choose_conf(ssh)) != 0)
+       if ((r = kex_choose_conf(ssh, seq)) != 0)
+                return r;
+ 
+        if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
+@@ -880,7 +900,13 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+ }
+ 
+ static int
+-kex_choose_conf(struct ssh *ssh)
+kexalgs_contains(char **peer, const char *ext)
+{
+       return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext);
+}
+
+static int
+kex_choose_conf(struct ssh *ssh, uint32_t seq)
+ {
+        struct kex *kex = ssh->kex;
+        struct newkeys *newkeys;
+@@ -905,13 +931,23 @@ kex_choose_conf(struct ssh *ssh)
+                sprop=peer;
+        }
+ 
+-       /* Check whether client supports ext_info_c */
+-       if (kex->server && (kex->flags & KEX_INITIAL)) {
+-               char *ext;
+-
+-               ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
+-               kex->ext_info_c = (ext != NULL);
+-               free(ext);
+       /* Check whether peer supports ext_info/kex_strict */
+       if ((kex->flags & KEX_INITIAL) != 0) {
+               if (kex->server) {
+                       kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
+                       kex->kex_strict = kexalgs_contains(peer,
+                           "kex-strict-c-v00@openssh.com");
+               } else {
+                       kex->kex_strict = kexalgs_contains(peer,
+                           "kex-strict-s-v00@openssh.com");
+               }
+               if (kex->kex_strict) {
+                       debug3("will use strict KEX ordering");
+                       if (seq != 0)
+                               ssh_packet_disconnect(ssh,
+                                   "strict KEX violation: "
+                                   "KEXINIT was not the first packet");
+               }
+        }
+ 
+        /* Algorithm Negotiation */
+diff --git a/kex.h b/kex.h
+index a5ae6ac..cae38f7 100644
+--- a/kex.h
+++ b/kex.h
+@@ -145,6 +145,7 @@ struct kex {
+        u_int   kex_type;
+        char    *server_sig_algs;
+        int     ext_info_c;
+       int     kex_strict;
+        struct sshbuf *my;
+        struct sshbuf *peer;
+        struct sshbuf *client_version;
+diff --git a/packet.c b/packet.c
+index 6d3e917..43139f9 100644
+--- a/packet.c
+++ b/packet.c
+@@ -1203,8 +1203,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
+        sshbuf_dump(state->output, stderr);
+ #endif
+        /* increment sequence number for outgoing packets */
+-       if (++state->p_send.seqnr == 0)
+       if (++state->p_send.seqnr == 0) {
+               if ((ssh->kex->flags & KEX_INITIAL) != 0) {
+                       ssh_packet_disconnect(ssh, "outgoing sequence number "
+                           "wrapped during initial key exchange");
+               }
+                logit("outgoing seqnr wraps around");
+       }
+        if (++state->p_send.packets == 0)
+                if (!(ssh->compat & SSH_BUG_NOREKEY))
+                        return SSH_ERR_NEED_REKEY;
+@@ -1212,6 +1217,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
+        state->p_send.bytes += len;
+        sshbuf_reset(state->outgoing_packet);
+ 
+       if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
+               debug("resetting send seqnr %u", state->p_send.seqnr);
+               state->p_send.seqnr = 0;
+       }
+
+        if (type == SSH2_MSG_NEWKEYS)
+                r = ssh_set_newkeys(ssh, MODE_OUT);
+        else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
+@@ -1345,8 +1355,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+        /* Stay in the loop until we have received a complete packet. */
+        for (;;) {
+                /* Try to read a packet from the buffer. */
+-               r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
+-               if (r != 0)
+               if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
+                        break;
+                /* If we got a packet, return it. */
+                if (*typep != SSH_MSG_NONE)
+@@ -1633,10 +1642,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+                if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
+                        goto out;
+        }
+
+        if (seqnr_p != NULL)
+                *seqnr_p = state->p_read.seqnr;
+-       if (++state->p_read.seqnr == 0)
+       if (++state->p_read.seqnr == 0) {
+               if ((ssh->kex->flags & KEX_INITIAL) != 0) {
+                       ssh_packet_disconnect(ssh, "incoming sequence number "
+                           "wrapped during initial key exchange");
+               }
+                logit("incoming seqnr wraps around");
+       }
+        if (++state->p_read.packets == 0)
+                if (!(ssh->compat & SSH_BUG_NOREKEY))
+                        return SSH_ERR_NEED_REKEY;
+@@ -1702,6 +1717,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ #endif
+        /* reset for next packet */
+        state->packlen = 0;
+       if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
+               debug("resetting read seqnr %u", state->p_read.seqnr);
+               state->p_read.seqnr = 0;
+       }
+ 
+        /* do we need to rekey? */
+        if (ssh_packet_need_rekeying(ssh, 0)) {
+@@ -1726,10 +1745,39 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+                r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
+                if (r != 0)
+                        return r;
+-               if (*typep) {
+-                       state->keep_alive_timeouts = 0;
+-                       DBG(debug("received packet type %d", *typep));
+               if (*typep == 0) {
+                       /* no message ready */
+                       return 0;
+               }
+               state->keep_alive_timeouts = 0;
+               DBG(debug("received packet type %d", *typep));
+
+               /* Always process disconnect messages */
+               if (*typep == SSH2_MSG_DISCONNECT) {
+                       if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
+                           (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
+                               return r;
+                       /* Ignore normal client exit notifications */
+                       do_log2(ssh->state->server_side &&
+                           reason == SSH2_DISCONNECT_BY_APPLICATION ?
+                           SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+                           "Received disconnect from %s port %d:"
+                           "%u: %.400s", ssh_remote_ipaddr(ssh),
+                           ssh_remote_port(ssh), reason, msg);
+                       free(msg);
+                       return SSH_ERR_DISCONNECTED;
+                }
+
+               /*
+                * Do not implicitly handle any messages here during initial
+                * KEX when in strict mode. They will be need to be allowed
+                * explicitly by the KEX dispatch table or they will generate
+                * protocol errors.
+                */
+               if (ssh->kex != NULL &&
+                   (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
+                       return 0;
+               /* Implicitly handle transport-level messages */
+                switch (*typep) {
+                case SSH2_MSG_IGNORE:
+                        debug3("Received SSH2_MSG_IGNORE");
+@@ -1744,19 +1792,6 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+                        debug("Remote: %.900s", msg);
+                        free(msg);
+                        break;
+-               case SSH2_MSG_DISCONNECT:
+-                       if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
+-                           (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
+-                               return r;
+-                       /* Ignore normal client exit notifications */
+-                       do_log2(ssh->state->server_side &&
+-                           reason == SSH2_DISCONNECT_BY_APPLICATION ?
+-                           SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+-                           "Received disconnect from %s port %d:"
+-                           "%u: %.400s", ssh_remote_ipaddr(ssh),
+-                           ssh_remote_port(ssh), reason, msg);
+-                       free(msg);
+-                       return SSH_ERR_DISCONNECTED;
+                case SSH2_MSG_UNIMPLEMENTED:
+                        if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
+                                return r;
+@@ -2235,6 +2270,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex)
+            (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
+            (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
+            (r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
+           (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 ||
+            (r = sshbuf_put_stringb(m, kex->my)) != 0 ||
+            (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
+            (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
+@@ -2397,6 +2433,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp)
+            (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
+            (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
+            (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
+           (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 ||
+            (r = sshbuf_get_stringb(m, kex->my)) != 0 ||
+            (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
+            (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
+@@ -2724,6 +2761,7 @@ sshpkt_disconnect(struct ssh *ssh, const char *fmt,...)
+        vsnprintf(buf, sizeof(buf), fmt, args);
+        va_end(args);
+ 
+       debug2("sending SSH2_MSG_DISCONNECT: %s", buf);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
+            (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 ||
+            (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 5df9477..617ed9f 100644
+--- a/sshconnect2.c
+++ b/sshconnect2.c
+@@ -218,7 +218,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+                fatal("%s: kex_assemble_namelist", __func__);
+        free(all_key);
+ 
+-       if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
+       if ((s = kex_names_cat(options.kex_algorithms,
+           "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
+                fatal("%s: kex_names_cat", __func__);
+        myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+        myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+@@ -343,7 +344,6 @@ struct cauthmethod {
+ };
+ 
+ static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
+-static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
+ static int input_userauth_success(int, u_int32_t, struct ssh *);
+ static int input_userauth_failure(int, u_int32_t, struct ssh *);
+ static int input_userauth_banner(int, u_int32_t, struct ssh *);
+@@ -460,7 +460,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+ 
+        ssh->authctxt = &authctxt;
+        ssh_dispatch_init(ssh, &input_userauth_error);
+-       ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
+       ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
+        ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
+        ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
+        pubkey_cleanup(ssh);
+@@ -505,13 +505,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
+        return r;
+ }
+ 
+-/* ARGSUSED */
+-static int
+-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
+-{
+-       return kex_input_ext_info(type, seqnr, ssh);
+-}
+-
+ void
+ userauth(struct ssh *ssh, char *authlist)
+ {
+@@ -593,6 +586,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
+        free(authctxt->methoddata);
+        authctxt->methoddata = NULL;
+        authctxt->success = 1;                  /* break out */
+       ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
+        return 0;
+ }
+ 
+diff --git a/sshd.c b/sshd.c
+index 60b2aaf..ffea38c 100644
+--- a/sshd.c
+++ b/sshd.c
+@@ -2323,11 +2323,13 @@ static void
+ do_ssh2_kex(struct ssh *ssh)
+ {
+        char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
+       char *s;
+        struct kex *kex;
+        int r;
+ 
+-       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+-           options.kex_algorithms);
+       if ((s = kex_names_cat(options.kex_algorithms, "kex-strict-s-v00@openssh.com")) == NULL)
+               fatal("kex_names_cat");
+       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+        myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
+            options.ciphers);
+        myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
+@@ -2382,6 +2384,7 @@ do_ssh2_kex(struct ssh *ssh)
+        packet_send();
+        packet_write_wait();
+ #endif
+       free(s);
+        debug("KEX done");
+ }
+ 
+-- 
+2.25.1
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index bc4b922301..eb3089cd8a 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -39,6 +39,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://CVE-2023-38408-10.patch \
           file://CVE-2023-38408-11.patch \
           file://CVE-2023-38408-12.patch \
+           file://CVE-2023-48795.patch \
           "
 SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
 SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"
author	Vijay Anusuri <vanusuri@mvista.com>	2023-12-22 20:07:20 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-12-29 05:29:14 -1000
commit	fc412fa80da3a85de1792b48b68f92ddfe0e033a (patch)
tree	517f7619f24611ebf757be3386c3b3a2d8e68237
parent	0aa12e491969eac7050b6b2c6665a3fdbc070c3d (diff)
download	poky-fc412fa80da3a85de1792b48b68f92ddfe0e033a.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch new file mode 100644 index 0000000000..57c45e3d93 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-48795.patch
@@ -0,0 +1,468 @@
		1	(modified to not remove ssh_packet_read_expect(), to add to
		2	KexAlgorithms in sshd.c and sshconnect2.c as this version pre-dates
		3	kex_proposal_populate_entries(), replace debug_f() with debug(),
		4	error_f() with error(), and fatal_f() with fatal())
		5
		6	Backport of:
		7
		8	From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001
		9	From: "djm@openbsd.org" <djm@openbsd.org>
		10	Date: Mon, 18 Dec 2023 14:45:17 +0000
		11	Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd
		12
		13	This adds a protocol extension to improve the integrity of the SSH
		14	transport protocol, particular in and around the initial key exchange
		15	(KEX) phase.
		16
		17	Full details of the extension are in the PROTOCOL file.
		18
		19	with markus@
		20
		21	OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
		22
		23	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2023-48795.patch?h=ubuntu/focal-security
		24	Upstream commit https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5]
		25	CVE: CVE-2023-48795
		26	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		27	---
		28	PROTOCOL \| 26 +++++++++++++++++
		29	kex.c \| 68 +++++++++++++++++++++++++++++++++-----------
		30	kex.h \| 1 +
		31	packet.c \| 78 ++++++++++++++++++++++++++++++++++++++-------------
		32	sshconnect2.c \| 14 +++------
		33	sshd.c \| 7 +++--
		34	6 files changed, 146 insertions(+), 48 deletions(-)
		35
		36	diff --git a/PROTOCOL b/PROTOCOL
		37	index f75c1c0..89bddfe 100644
		38	--- a/PROTOCOL
		39	+++ b/PROTOCOL
		40	@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curve25519 for key exchange as
		41	described at:
		42	http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
		43
		44	+1.9 transport: strict key exchange extension
		45	+
		46	+OpenSSH supports a number of transport-layer hardening measures under
		47	+a "strict KEX" feature. This feature is signalled similarly to the
		48	+RFC8308 ext-info feature: by including a additional algorithm in the
		49	+initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
		50	+"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
		51	+may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
		52	+are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
		53	+if they are present in subsequent SSH2_MSG_KEXINIT packets.
		54	+
		55	+When an endpoint that supports this extension observes this algorithm
		56	+name in a peer's KEXINIT packet, it MUST make the following changes to
		57	+the the protocol:
		58	+
		59	+a) During initial KEX, terminate the connection if any unexpected or
		60	+ out-of-sequence packet is received. This includes terminating the
		61	+ connection if the first packet received is not SSH2_MSG_KEXINIT.
		62	+ Unexpected packets for the purpose of strict KEX include messages
		63	+ that are otherwise valid at any time during the connection such as
		64	+ SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
		65	+b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
		66	+ packet sequence number to zero. This behaviour persists for the
		67	+ duration of the connection (i.e. not just the first
		68	+ SSH2_MSG_NEWKEYS).
		69	+
		70	2. Connection protocol changes
		71
		72	2.1. connection: Channel write close extension "eow@openssh.com"
		73	diff --git a/kex.c b/kex.c
		74	index ce85f04..3129a4e 100644
		75	--- a/kex.c
		76	+++ b/kex.c
		77	@@ -63,7 +63,7 @@
		78	#include "digest.h"
		79
		80	/* prototype */
		81	-static int kex_choose_conf(struct ssh *);
		82	+static int kex_choose_conf(struct ssh *, uint32_t seq);
		83	static int kex_input_newkeys(int, u_int32_t, struct ssh *);
		84
		85	static const char *proposal_names[PROPOSAL_MAX] = {
		86	@@ -173,6 +173,18 @@ kex_names_valid(const char *names)
		87	return 1;
		88	}
		89
		90	+/* returns non-zero if proposal contains any algorithm from algs */
		91	+static int
		92	+has_any_alg(const char proposal, const char algs)
		93	+{
		94	+ char *cp;
		95	+
		96	+ if ((cp = match_list(proposal, algs, NULL)) == NULL)
		97	+ return 0;
		98	+ free(cp);
		99	+ return 1;
		100	+}
		101	+
		102	/*
		103	* Concatenate algorithm names, avoiding duplicates in the process.
		104	* Caller must free returned string.
		105	@@ -180,7 +192,7 @@ kex_names_valid(const char *names)
		106	char *
		107	kex_names_cat(const char a, const char b)
		108	{
		109	- char ret = NULL, tmp = NULL, cp, p, *m;
		110	+ char ret = NULL, tmp = NULL, cp, p;
		111	size_t len;
		112
		113	if (a == NULL \|\| *a == '\0')
		114	@@ -197,10 +209,8 @@ kex_names_cat(const char a, const char b)
		115	}
		116	strlcpy(ret, a, len);
		117	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
		118	- if ((m = match_list(ret, p, NULL)) != NULL) {
		119	- free(m);
		120	+ if (has_any_alg(ret, p))
		121	continue; /* Algorithm already present */
		122	- }
		123	if (strlcat(ret, ",", len) >= len \|\|
		124	strlcat(ret, p, len) >= len) {
		125	free(tmp);
		126	@@ -409,7 +419,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
		127	{
		128	int r;
		129
		130	- error("kex protocol error: type %d seq %u", type, seq);
		131	+ /* If in strict mode, any unexpected message is an error */
		132	+ if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
		133	+ ssh_packet_disconnect(ssh, "strict KEX violation: "
		134	+ "unexpected packet type %u (seqnr %u)", type, seq);
		135	+ }
		136	+ error("type %u seq %u", type, seq);
		137	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 \|\|
		138	(r = sshpkt_put_u32(ssh, seq)) != 0 \|\|
		139	(r = sshpkt_send(ssh)) != 0)
		140	@@ -481,6 +496,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
		141	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
		142	if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
		143	return r;
		144	+ if (ninfo >= 1024) {
		145	+ error("SSH2_MSG_EXT_INFO with too many entries, expected "
		146	+ "<=1024, received %u", ninfo);
		147	+ return dispatch_protocol_error(type, seq, ssh);
		148	+ }
		149	for (i = 0; i < ninfo; i++) {
		150	if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
		151	return r;
		152	@@ -581,7 +601,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
		153	error("%s: no hex", __func__);
		154	return SSH_ERR_INTERNAL_ERROR;
		155	}
		156	- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
		157	+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
		158	ptr = sshpkt_ptr(ssh, &dlen);
		159	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
		160	return r;
		161	@@ -617,7 +637,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
		162	if (!(kex->flags & KEX_INIT_SENT))
		163	if ((r = kex_send_kexinit(ssh)) != 0)
		164	return r;
		165	- if ((r = kex_choose_conf(ssh)) != 0)
		166	+ if ((r = kex_choose_conf(ssh, seq)) != 0)
		167	return r;
		168
		169	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
		170	@@ -880,7 +900,13 @@ proposals_match(char my[PROPOSAL_MAX], char peer[PROPOSAL_MAX])
		171	}
		172
		173	static int
		174	-kex_choose_conf(struct ssh *ssh)
		175	+kexalgs_contains(char *peer, const char ext)
		176	+{
		177	+ return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext);
		178	+}
		179	+
		180	+static int
		181	+kex_choose_conf(struct ssh *ssh, uint32_t seq)
		182	{
		183	struct kex *kex = ssh->kex;
		184	struct newkeys *newkeys;
		185	@@ -905,13 +931,23 @@ kex_choose_conf(struct ssh *ssh)
		186	sprop=peer;
		187	}
		188
		189	- /* Check whether client supports ext_info_c */
		190	- if (kex->server && (kex->flags & KEX_INITIAL)) {
		191	- char *ext;
		192	-
		193	- ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
		194	- kex->ext_info_c = (ext != NULL);
		195	- free(ext);
		196	+ /* Check whether peer supports ext_info/kex_strict */
		197	+ if ((kex->flags & KEX_INITIAL) != 0) {
		198	+ if (kex->server) {
		199	+ kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
		200	+ kex->kex_strict = kexalgs_contains(peer,
		201	+ "kex-strict-c-v00@openssh.com");
		202	+ } else {
		203	+ kex->kex_strict = kexalgs_contains(peer,
		204	+ "kex-strict-s-v00@openssh.com");
		205	+ }
		206	+ if (kex->kex_strict) {
		207	+ debug3("will use strict KEX ordering");
		208	+ if (seq != 0)
		209	+ ssh_packet_disconnect(ssh,
		210	+ "strict KEX violation: "
		211	+ "KEXINIT was not the first packet");
		212	+ }
		213	}
		214
		215	/* Algorithm Negotiation */
		216	diff --git a/kex.h b/kex.h
		217	index a5ae6ac..cae38f7 100644
		218	--- a/kex.h
		219	+++ b/kex.h
		220	@@ -145,6 +145,7 @@ struct kex {
		221	u_int kex_type;
		222	char *server_sig_algs;
		223	int ext_info_c;
		224	+ int kex_strict;
		225	struct sshbuf *my;
		226	struct sshbuf *peer;
		227	struct sshbuf *client_version;
		228	diff --git a/packet.c b/packet.c
		229	index 6d3e917..43139f9 100644
		230	--- a/packet.c
		231	+++ b/packet.c
		232	@@ -1203,8 +1203,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
		233	sshbuf_dump(state->output, stderr);
		234	#endif
		235	/* increment sequence number for outgoing packets */
		236	- if (++state->p_send.seqnr == 0)
		237	+ if (++state->p_send.seqnr == 0) {
		238	+ if ((ssh->kex->flags & KEX_INITIAL) != 0) {
		239	+ ssh_packet_disconnect(ssh, "outgoing sequence number "
		240	+ "wrapped during initial key exchange");
		241	+ }
		242	logit("outgoing seqnr wraps around");
		243	+ }
		244	if (++state->p_send.packets == 0)
		245	if (!(ssh->compat & SSH_BUG_NOREKEY))
		246	return SSH_ERR_NEED_REKEY;
		247	@@ -1212,6 +1217,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
		248	state->p_send.bytes += len;
		249	sshbuf_reset(state->outgoing_packet);
		250
		251	+ if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
		252	+ debug("resetting send seqnr %u", state->p_send.seqnr);
		253	+ state->p_send.seqnr = 0;
		254	+ }
		255	+
		256	if (type == SSH2_MSG_NEWKEYS)
		257	r = ssh_set_newkeys(ssh, MODE_OUT);
		258	else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
		259	@@ -1345,8 +1355,7 @@ ssh_packet_read_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
		260	/* Stay in the loop until we have received a complete packet. */
		261	for (;;) {
		262	/* Try to read a packet from the buffer. */
		263	- r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
		264	- if (r != 0)
		265	+ if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
		266	break;
		267	/* If we got a packet, return it. */
		268	if (*typep != SSH_MSG_NONE)
		269	@@ -1633,10 +1642,16 @@ ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
		270	if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
		271	goto out;
		272	}
		273	+
		274	if (seqnr_p != NULL)
		275	*seqnr_p = state->p_read.seqnr;
		276	- if (++state->p_read.seqnr == 0)
		277	+ if (++state->p_read.seqnr == 0) {
		278	+ if ((ssh->kex->flags & KEX_INITIAL) != 0) {
		279	+ ssh_packet_disconnect(ssh, "incoming sequence number "
		280	+ "wrapped during initial key exchange");
		281	+ }
		282	logit("incoming seqnr wraps around");
		283	+ }
		284	if (++state->p_read.packets == 0)
		285	if (!(ssh->compat & SSH_BUG_NOREKEY))
		286	return SSH_ERR_NEED_REKEY;
		287	@@ -1702,6 +1717,10 @@ ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
		288	#endif
		289	/* reset for next packet */
		290	state->packlen = 0;
		291	+ if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
		292	+ debug("resetting read seqnr %u", state->p_read.seqnr);
		293	+ state->p_read.seqnr = 0;
		294	+ }
		295
		296	/* do we need to rekey? */
		297	if (ssh_packet_need_rekeying(ssh, 0)) {
		298	@@ -1726,10 +1745,39 @@ ssh_packet_read_poll_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
		299	r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
		300	if (r != 0)
		301	return r;
		302	- if (*typep) {
		303	- state->keep_alive_timeouts = 0;
		304	- DBG(debug("received packet type %d", *typep));
		305	+ if (*typep == 0) {
		306	+ /* no message ready */
		307	+ return 0;
		308	+ }
		309	+ state->keep_alive_timeouts = 0;
		310	+ DBG(debug("received packet type %d", *typep));
		311	+
		312	+ /* Always process disconnect messages */
		313	+ if (*typep == SSH2_MSG_DISCONNECT) {
		314	+ if ((r = sshpkt_get_u32(ssh, &reason)) != 0 \|\|
		315	+ (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
		316	+ return r;
		317	+ /* Ignore normal client exit notifications */
		318	+ do_log2(ssh->state->server_side &&
		319	+ reason == SSH2_DISCONNECT_BY_APPLICATION ?
		320	+ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
		321	+ "Received disconnect from %s port %d:"
		322	+ "%u: %.400s", ssh_remote_ipaddr(ssh),
		323	+ ssh_remote_port(ssh), reason, msg);
		324	+ free(msg);
		325	+ return SSH_ERR_DISCONNECTED;
		326	}
		327	+
		328	+ /*
		329	+ * Do not implicitly handle any messages here during initial
		330	+ * KEX when in strict mode. They will be need to be allowed
		331	+ * explicitly by the KEX dispatch table or they will generate
		332	+ * protocol errors.
		333	+ */
		334	+ if (ssh->kex != NULL &&
		335	+ (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
		336	+ return 0;
		337	+ /* Implicitly handle transport-level messages */
		338	switch (*typep) {
		339	case SSH2_MSG_IGNORE:
		340	debug3("Received SSH2_MSG_IGNORE");
		341	@@ -1744,19 +1792,6 @@ ssh_packet_read_poll_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
		342	debug("Remote: %.900s", msg);
		343	free(msg);
		344	break;
		345	- case SSH2_MSG_DISCONNECT:
		346	- if ((r = sshpkt_get_u32(ssh, &reason)) != 0 \|\|
		347	- (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
		348	- return r;
		349	- /* Ignore normal client exit notifications */
		350	- do_log2(ssh->state->server_side &&
		351	- reason == SSH2_DISCONNECT_BY_APPLICATION ?
		352	- SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
		353	- "Received disconnect from %s port %d:"
		354	- "%u: %.400s", ssh_remote_ipaddr(ssh),
		355	- ssh_remote_port(ssh), reason, msg);
		356	- free(msg);
		357	- return SSH_ERR_DISCONNECTED;
		358	case SSH2_MSG_UNIMPLEMENTED:
		359	if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
		360	return r;
		361	@@ -2235,6 +2270,7 @@ kex_to_blob(struct sshbuf m, struct kex kex)
		362	(r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 \|\|
		363	(r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 \|\|
		364	(r = sshbuf_put_u32(m, kex->kex_type)) != 0 \|\|
		365	+ (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 \|\|
		366	(r = sshbuf_put_stringb(m, kex->my)) != 0 \|\|
		367	(r = sshbuf_put_stringb(m, kex->peer)) != 0 \|\|
		368	(r = sshbuf_put_stringb(m, kex->client_version)) != 0 \|\|
		369	@@ -2397,6 +2433,7 @@ kex_from_blob(struct sshbuf m, struct kex *kexp)
		370	(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 \|\|
		371	(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 \|\|
		372	(r = sshbuf_get_u32(m, &kex->kex_type)) != 0 \|\|
		373	+ (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 \|\|
		374	(r = sshbuf_get_stringb(m, kex->my)) != 0 \|\|
		375	(r = sshbuf_get_stringb(m, kex->peer)) != 0 \|\|
		376	(r = sshbuf_get_stringb(m, kex->client_version)) != 0 \|\|
		377	@@ -2724,6 +2761,7 @@ sshpkt_disconnect(struct ssh ssh, const char fmt,...)
		378	vsnprintf(buf, sizeof(buf), fmt, args);
		379	va_end(args);
		380
		381	+ debug2("sending SSH2_MSG_DISCONNECT: %s", buf);
		382	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 \|\|
		383	(r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 \|\|
		384	(r = sshpkt_put_cstring(ssh, buf)) != 0 \|\|
		385	diff --git a/sshconnect2.c b/sshconnect2.c
		386	index 5df9477..617ed9f 100644
		387	--- a/sshconnect2.c
		388	+++ b/sshconnect2.c
		389	@@ -218,7 +218,8 @@ ssh_kex2(struct ssh ssh, char host, struct sockaddr *hostaddr, u_short port)
		390	fatal("%s: kex_assemble_namelist", __func__);
		391	free(all_key);
		392
		393	- if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
		394	+ if ((s = kex_names_cat(options.kex_algorithms,
		395	+ "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
		396	fatal("%s: kex_names_cat", __func__);
		397	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
		398	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
		399	@@ -343,7 +344,6 @@ struct cauthmethod {
		400	};
		401
		402	static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
		403	-static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
		404	static int input_userauth_success(int, u_int32_t, struct ssh *);
		405	static int input_userauth_failure(int, u_int32_t, struct ssh *);
		406	static int input_userauth_banner(int, u_int32_t, struct ssh *);
		407	@@ -460,7 +460,7 @@ ssh_userauth2(struct ssh ssh, const char local_user,
		408
		409	ssh->authctxt = &authctxt;
		410	ssh_dispatch_init(ssh, &input_userauth_error);
		411	- ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
		412	+ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
		413	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
		414	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
		415	pubkey_cleanup(ssh);
		416	@@ -505,13 +505,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
		417	return r;
		418	}
		419
		420	-/* ARGSUSED */
		421	-static int
		422	-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
		423	-{
		424	- return kex_input_ext_info(type, seqnr, ssh);
		425	-}
		426	-
		427	void
		428	userauth(struct ssh ssh, char authlist)
		429	{
		430	@@ -593,6 +586,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
		431	free(authctxt->methoddata);
		432	authctxt->methoddata = NULL;
		433	authctxt->success = 1; /* break out */
		434	+ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
		435	return 0;
		436	}
		437
		438	diff --git a/sshd.c b/sshd.c
		439	index 60b2aaf..ffea38c 100644
		440	--- a/sshd.c
		441	+++ b/sshd.c
		442	@@ -2323,11 +2323,13 @@ static void
		443	do_ssh2_kex(struct ssh *ssh)
		444	{
		445	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
		446	+ char *s;
		447	struct kex *kex;
		448	int r;
		449
		450	- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
		451	- options.kex_algorithms);
		452	+ if ((s = kex_names_cat(options.kex_algorithms, "kex-strict-s-v00@openssh.com")) == NULL)
		453	+ fatal("kex_names_cat");
		454	+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
		455	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
		456	options.ciphers);
		457	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
		458	@@ -2382,6 +2384,7 @@ do_ssh2_kex(struct ssh *ssh)
		459	packet_send();
		460	packet_write_wait();
		461	#endif
		462	+ free(s);
		463	debug("KEX done");
		464	}
		465
		466	--
		467	2.25.1
		468


diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index bc4b922301..eb3089cd8a 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -39,6 +39,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
39	file://CVE-2023-38408-10.patch \	39	file://CVE-2023-38408-10.patch \
40	file://CVE-2023-38408-11.patch \	40	file://CVE-2023-38408-11.patch \
41	file://CVE-2023-38408-12.patch \	41	file://CVE-2023-38408-12.patch \
		42	file://CVE-2023-48795.patch \
42	"	43	"
43	SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"	44	SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091"
44	SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"	45	SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671"