Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock putty 0.63-10. This is mainly a CVE-assigned security fix (which I cherry-picked rather than trying to get the new 0.64 release into jessie), but there are a couple of sub-CVE-level issues, and two other small changes I think are worth including. diff -Nru putty-0.63/debian/.git-dpm putty-0.63/debian/.git-dpm --- putty-0.63/debian/.git-dpm 2014-10-12 20:43:25.000000000 +0100 +++ putty-0.63/debian/.git-dpm 2015-03-01 12:58:10.000000000 +0000 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -fa575a5eb77674f9b35cbad2d23c1090592197ca -fa575a5eb77674f9b35cbad2d23c1090592197ca +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 putty_0.63.orig.tar.gz diff -Nru putty-0.63/debian/changelog putty-0.63/debian/changelog --- putty-0.63/debian/changelog 2014-10-12 20:47:43.000000000 +0100 +++ putty-0.63/debian/changelog 2015-03-01 12:59:16.000000000 +0000 
@@ -1,3 +1,23 @@ +putty (0.63-10) unstable; urgency=medium + + * Backport from upstream: + - Make kh2reg.py compatible with modern Python. + - MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server + value. + - Fix an erroneous length field in SSH-1 key load. + - CVE-2015-2157: Fix failure to clear sensitive private key information + from memory (closes: #779488). + + -- Colin Watson <cjwat...@debian.org> Sun, 01 Mar 2015 12:59:15 +0000 + +putty (0.63-9) unstable; urgency=medium + + * Backport from upstream (Simon Tatham): + - Revert the default for font bolding style back to using colours rather + than fonts (closes: #772948). + + -- Colin Watson <cjwat...@debian.org> Sat, 13 Dec 2014 10:11:04 +0000 + putty (0.63-8) unstable; urgency=medium * Backport from upstream (Simon Tatham), suggested by Jacob Nevins: diff -Nru putty-0.63/debian/patches/enforce-dh-range.patch putty-0.63/debian/patches/enforce-dh-range.patch --- putty-0.63/debian/patches/enforce-dh-range.patch 1970-01-01 01:00:00.000000000 +0100 +++ putty-0.63/debian/patches/enforce-dh-range.patch 2015-03-01 12:58:09.000000000 +0000 
@@ -0,0 +1,89 @@ +From 1358a16471783c9c816fe9004de45ae7202bc976 Mon Sep 17 00:00:00 2001 +From: Simon Tatham <ana...@pobox.com> +Date: Sun, 1 Mar 2015 12:50:27 +0000 +Subject: Enforce acceptable range for Diffie-Hellman server value. + +Florent Daigniere of Matta points out that RFC 4253 actually +_requires_ us to refuse to accept out-of-range values, though it isn't +completely clear to me why this should be a MUST on the receiving end. + +Matta considers this to be a security vulnerability, on the grounds +that if a server should accidentally send an obviously useless value +such as 1 then we will fail to reject it and agree a key that an +eavesdropper could also figure out. Their id for this vulnerability is +MATTA-2015-002. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=174476813f0ed94337aecc3e2d13a202a1dc2fa8 +Last-Update: 2015-03-01 + +Patch-Name: enforce-dh-range.patch +--- + ssh.c | 7 +++++++ + ssh.h | 1 + + sshdh.c | 23 +++++++++++++++++++++++ + 3 files changed, 31 insertions(+) + +diff --git a/ssh.c b/ssh.c +index 9eed54d..b543df1 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -6082,6 +6082,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, + } + ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); + ++ { ++ const char *err = dh_validate_f(ssh->kex_ctx, s->f); ++ if (err) { ++ bombout(("key exchange reply failed validation: %s", err)); ++ crStopV; ++ } ++ } + s->K = dh_find_K(ssh->kex_ctx, s->f); + + /* We assume everything from now on will be quick, and it might +diff --git a/ssh.h b/ssh.h +index 031fd97..ac5a10f 100644 +--- a/ssh.h ++++ b/ssh.h +@@ -471,6 +471,7 @@ void *dh_setup_group(const struct ssh_kex *kex); + void *dh_setup_gex(Bignum pval, Bignum gval); + void dh_cleanup(void *); + Bignum dh_create_e(void *, int nbits); ++const char *dh_validate_f(void *handle, Bignum f); + Bignum dh_find_K(void *, Bignum f); + + int loadrsakey(const Filename *filename, struct RSAKey *key, +diff --git a/sshdh.c 
b/sshdh.c +index c733b61..8f8ab2d 100644 +--- a/sshdh.c ++++ b/sshdh.c +@@ -219,6 +219,29 @@ Bignum dh_create_e(void *handle, int nbits) + } + + /* ++ * DH stage 2-epsilon: given a number f, validate it to ensure it's in ++ * range. (RFC 4253 section 8: "Values of 'e' or 'f' that are not in ++ * the range [1, p-1] MUST NOT be sent or accepted by either side." ++ * Also, we rule out 1 and p-1 too, since that's easy to do and since ++ * they lead to obviously weak keys that even a passive eavesdropper ++ * can figure out.) ++ */ ++const char *dh_validate_f(void *handle, Bignum f) ++{ ++ struct dh_ctx *ctx = (struct dh_ctx *)handle; ++ if (bignum_cmp(f, One) <= 0) { ++ return "f value received is too small"; ++ } else { ++ Bignum pm1 = bigsub(ctx->p, One); ++ int cmp = bignum_cmp(f, pm1); ++ freebn(pm1); ++ if (cmp >= 0) ++ return "f value received is too large"; ++ } ++ return NULL; ++} ++ ++/* + * DH stage 2: given a number f, compute K = f^x mod p. + */ + Bignum dh_find_K(void *handle, Bignum f) diff -Nru putty-0.63/debian/patches/font-bolding-style-default.patch putty-0.63/debian/patches/font-bolding-style-default.patch --- putty-0.63/debian/patches/font-bolding-style-default.patch 1970-01-01 01:00:00.000000000 +0100 +++ putty-0.63/debian/patches/font-bolding-style-default.patch 2015-03-01 12:58:09.000000000 +0000 
@@ -0,0 +1,36 @@ +From 0a82f756c07d0266a6ff6f3b7fd86ccb1cd84040 Mon Sep 17 00:00:00 2001 +From: Simon Tatham <ana...@pobox.com> +Date: Wed, 7 Aug 2013 06:22:52 +0000 +Subject: Revert default for font bolding style + +Revert the default for font bolding style back to using colours rather +than fonts. I broke this in r9559 when I added the option for 'both', +because the internal representation got offset by one so as to change +from a boolean to two bitfields and I must have confused myself about +what the default should be. + +[originally from svn r10008] +[r9559 == bc6e0952ef1c27c577318ee3c0883c7823c7005b] + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=c0b6e0b9626baecab20ba6946dc26a75f187e2cf +Bug-Debian: http://bugs.debian.org/772948 +Last-Update: 2014-12-13 + +Patch-Name: font-bolding-style-default.patch +--- + settings.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/settings.c b/settings.c +index 8bcfb21..2aae3f1 100644 +--- a/settings.c ++++ b/settings.c +@@ -871,7 +871,7 @@ void load_open_settings(void *sesskey, Conf *conf) + gppi(sesskey, "TryPalette", 0, conf, CONF_try_palette); + gppi(sesskey, "ANSIColour", 1, conf, CONF_ansi_colour); + gppi(sesskey, "Xterm256Colour", 1, conf, CONF_xterm_256_colour); +- i = gppi_raw(sesskey, "BoldAsColour", 0); conf_set_int(conf, CONF_bold_style, i+1); ++ i = gppi_raw(sesskey, "BoldAsColour", 1); conf_set_int(conf, CONF_bold_style, i+1); + + for (i = 0; i < 22; i++) { + static const char *const defaults[] = { diff -Nru putty-0.63/debian/patches/kh2reg-modern-python.patch putty-0.63/debian/patches/kh2reg-modern-python.patch --- putty-0.63/debian/patches/kh2reg-modern-python.patch 1970-01-01 01:00:00.000000000 +0100 +++ putty-0.63/debian/patches/kh2reg-modern-python.patch 2015-03-01 12:58:09.000000000 +0000 
@@ -0,0 +1,74 @@ +From 62044d3f09a28436c37b288913649bf3374f7c06 Mon Sep 17 00:00:00 2001 +From: Jacob Nevins <jac...@chiark.greenend.org.uk> +Date: Sun, 1 Mar 2015 12:45:34 +0000 +Subject: Make kh2reg.py compatible with modern Python. + +Bare string exceptions aren't supported any more. +Patch by Will Aoki, plus a backward compatibility tweak from Colin Watson. +Seen working with Python 2.4.3 and 2.7.6. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=56a42d09d43e91603f3fbf01f5781bcbbc54a6bd +Last-Update: 2015-03-01 + +Patch-Name: kh2reg-modern-python.patch +--- + contrib/kh2reg.py | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/contrib/kh2reg.py b/contrib/kh2reg.py +index da62b3f..e6f27ef 100755 +--- a/contrib/kh2reg.py ++++ b/contrib/kh2reg.py +@@ -9,7 +9,8 @@ + # kh2reg.py --unix known_hosts1 2 3 4 ... > sshhostkeys + # Creates data suitable for storing in ~/.putty/sshhostkeys (Unix). + # Line endings are someone else's problem as is traditional. +-# Developed for Python 1.5.2. ++# Originally developed for Python 1.5.2, but probably won't run on that ++# any more. + + import fileinput + import base64 +@@ -64,6 +65,13 @@ if output_type == 'windows': + [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys] + """) + ++class BlankInputLine(Exception): ++ pass ++ ++class UnknownKeyType(Exception): ++ def __init__(self, keytype): ++ self.keytype = keytype ++ + # Now process all known_hosts input. + for line in fileinput.input(args): + +@@ -73,7 +81,7 @@ for line in fileinput.input(args): + + # Skip blanks and comments + if line == '' or line[0] == '#': +- raise "Skipping input line" ++ raise BlankInputLine + + # Split line on spaces. 
+ fields = string.split (line, ' ') +@@ -120,7 +128,7 @@ for line in fileinput.input(args): + if sshkeytype == "ssh-rsa": keytype = "rsa2" + elif sshkeytype == "ssh-dss": keytype = "dss" + else: +- raise "Unknown SSH key type", sshkeytype ++ raise UnknownKeyType(sshkeytype) + + # Now print out one line per host pattern, discarding wildcards. + for host in string.split (hostpat, ','): +@@ -151,7 +159,7 @@ for line in fileinput.input(args): + sys.stdout.write("\"%s\"=\"%s\"\n" + % (winmungestr(key), value)) + +- except "Unknown SSH key type", k: +- sys.stderr.write("Unknown SSH key type '%s', skipping\n" % k) +- except "Skipping input line": ++ except UnknownKeyType, k: ++ sys.stderr.write("Unknown SSH key type '%s', skipping\n" % k.keytype) ++ except BlankInputLine: + pass diff -Nru putty-0.63/debian/patches/private-key-not-wiped-2.patch putty-0.63/debian/patches/private-key-not-wiped-2.patch --- putty-0.63/debian/patches/private-key-not-wiped-2.patch 1970-01-01 01:00:00.000000000 +0100 +++ putty-0.63/debian/patches/private-key-not-wiped-2.patch 2015-03-01 12:58:10.000000000 +0000 
@@ -0,0 +1,70 @@ +From ec231f1fb9e91c21cc24fd0ce731d9bee7218613 Mon Sep 17 00:00:00 2001 +From: Simon Tatham <ana...@pobox.com> +Date: Sun, 1 Mar 2015 12:55:31 +0000 +Subject: Add some missing smemclrs and sfrees. + +The absence of these could have prevented sensitive private key +information from being properly cleared out of memory that PuTTY tools +had finished with. + +Thanks to Patrick Coleman for spotting this and sending a patch. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d +Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html +Bug-Debian: http://bugs.debian.org/779488 + +Patch-Name: private-key-not-wiped-2.patch +--- + sshpubk.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/sshpubk.c b/sshpubk.c +index 8cb4bf1..753370d 100644 +--- a/sshpubk.c ++++ b/sshpubk.c +@@ -844,6 +844,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, + goto error; + } + sfree(public_blob); ++ smemclr(private_blob, private_blob_len); + sfree(private_blob); + sfree(encryption); + if (errorstr) +@@ -864,8 +865,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename, + sfree(mac); + if (public_blob) + sfree(public_blob); +- if (private_blob) +- sfree(private_blob); ++ if (private_blob) { ++ smemclr(private_blob, private_blob_len); ++ sfree(private_blob); ++ } + if (errorstr) + *errorstr = error; + return ret; +@@ -1154,8 +1157,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key, + } + + fp = f_open(filename, "w", TRUE); +- if (!fp) +- return 0; ++ if (!fp) { ++ sfree(pub_blob); ++ smemclr(priv_blob, priv_blob_len); ++ sfree(priv_blob); ++ smemclr(priv_blob_encrypted, priv_blob_len); ++ sfree(priv_blob_encrypted); ++ return 0; ++ } + fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name); + fprintf(fp, "Encryption: %s\n", cipherstr); + fprintf(fp, "Comment: 
%s\n", key->comment); +@@ -1172,6 +1181,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key, + sfree(pub_blob); + smemclr(priv_blob, priv_blob_len); + sfree(priv_blob); ++ smemclr(priv_blob_encrypted, priv_blob_len); + sfree(priv_blob_encrypted); + return 1; + } diff -Nru putty-0.63/debian/patches/series putty-0.63/debian/patches/series --- putty-0.63/debian/patches/series 2014-10-12 20:43:25.000000000 +0100 +++ putty-0.63/debian/patches/series 2015-03-01 12:58:10.000000000 +0000 @@ -8,3 +8,8 @@ gtk-timer-leak-1.patch gtk-timer-leak-2.patch dynamic-tunnel-session.patch +font-bolding-style-default.patch +kh2reg-modern-python.patch +enforce-dh-range.patch +ssh-1-key-load-length.patch +private-key-not-wiped-2.patch diff -Nru putty-0.63/debian/patches/ssh-1-key-load-length.patch putty-0.63/debian/patches/ssh-1-key-load-length.patch --- putty-0.63/debian/patches/ssh-1-key-load-length.patch 1970-01-01 01:00:00.000000000 +0100 +++ putty-0.63/debian/patches/ssh-1-key-load-length.patch 2015-03-01 12:58:09.000000000 +0000 
@@ -0,0 +1,32 @@ +From 311ccf95a87f611fee426018bb4d6b7244c7da7e Mon Sep 17 00:00:00 2001 +From: Simon Tatham <ana...@pobox.com> +Date: Sun, 1 Mar 2015 12:53:44 +0000 +Subject: Fix an erroneous length field in SSH-1 key load. + +We incremented buf by a few bytes, so we must decrement the +corresponding length by the same amount, or else makekey() could +overrun. + +Thanks to Patrick Coleman for the patch. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=1f757928051b6d6ff231b2265bad2d263b0fe3ea +Last-Update: 2015-03-01 + +Patch-Name: ssh-1-key-load-length.patch +--- + sshpubk.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sshpubk.c b/sshpubk.c +index ac9e0fa..8cb4bf1 100644 +--- a/sshpubk.c ++++ b/sshpubk.c +@@ -67,7 +67,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only, + i += 4; + + /* Now the serious stuff. An ordinary SSH-1 public key. */ +- j = makekey(buf + i, len, key, NULL, 1); ++ j = makekey(buf + i, len - i, key, NULL, 1); + if (j < 0) + goto end; /* overran */ + i += j;
unblock putty/0.63-10

Thanks,

-- 
Colin Watson [cjwat...@debian.org]
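Review bot: in the sshdh.c hunk of enforce-dh-range.patch, dh_validate_f only compares f against One and p-1, so it enforces the RFC 4253 section 8 range [1, p-1] and additionally rejects the two trivial values, but it cannot tell whether f lies in the prime-order subgroup (that would need a modular exponentiation, not a comparison); the comment above the function should say so explicitly, so nobody later reads dh_validate_f as a complete public-value validation. The ordering in the ssh.c hunk is right: the check runs before dh_find_K, so no K is ever derived from a rejected f.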
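Review bot: in the last hunk of kh2reg-modern-python.patch, `except UnknownKeyType, k:` is the Python 2-only comma form, so this script still will not run under Python 3 even though the subject says "modern Python"; `except UnknownKeyType as k:` would cover 2.6+ and 3.x, but not the 2.4.3 the commit says was tested, and `string.split(...)` in the context lines is also 2.x-only. Either is a defensible choice, but the commit message should state that "modern" means Python 2.4 through 2.7 so the 3.x limitation is not a surprise.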
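Review bot: in the @@ -1154 hunk of private-key-not-wiped-2.patch, the cleanup on the f_open failure path duplicates the success-path cleanup visible in the @@ -1172 hunk (sfree(pub_blob); smemclr/sfree of priv_blob; smemclr/sfree of priv_blob_encrypted); a shared exit label would keep the two paths from drifting apart the next time a buffer is added. Separately, both hunks clear priv_blob_encrypted with priv_blob_len rather than with that buffer's own allocated length; if the encrypted buffer is padded out to a cipher block boundary (as its name suggests), the padding tail is left uncleared, so please confirm the length or use the encrypted buffer's size here.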
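Review bot: in the sshpubk.c hunk of ssh-1-key-load-length.patch, `len - i` is only the right remaining length if i <= len at this point; the `i += 4` two lines above advances i with no bound check visible in the hunk, so please confirm that the earlier parsing in loadrsakey_main bounds i against len (or that makekey rejects a negative length), otherwise the corrected argument goes negative instead of merely too large.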