Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: filezi...@packages.debian.org
Control: affects -1 + src:filezilla
[ Reason ]
This will address the no-DSA CVE-2023-48795. The vulnerability has been fixed in sid and trixie.
https://security-tracker.debian.org/tracker/CVE-2023-48795

[ Impact ]
The impact on putty itself, and by proxy also on the SFTP support in filezilla, is fortunately very limited: at most an attacker could abuse Terrapin to force the use of SHA1 as negotiated during the server-sig-algs exchange:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html

[ Tests ]
The fix has been extensively tested by upstream. I have built affected filezilla versions with and without patching and performed a variety of connection, transfer and general use tests to be sure this update will work as users expect.

[ Risks ]
Updating the embedded putty within filezilla from upstream commits was very straightforward and is minimal risk. The only variation from upstream is to add the PTRLEN_DECL_LITERAL define macro, which was added to putty after the filezilla release in bullseye, fixing compile errors.

[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable

[ Other info ]
None.

Regards

Phil

--
Playing the game for the game's sake.

Web:
* Debian Wiki: https://wiki.debian.org/PhilWyett
* Website: https://kathenas.org
* Social Debian: https://pleroma.debian.social/kathenas/
* Social Instagram: https://www.instagram.com/kathenasorg/
diff -Nru filezilla-3.52.2/debian/changelog filezilla-3.52.2/debian/changelog --- filezilla-3.52.2/debian/changelog 2021-01-21 10:38:25.000000000 +0000 +++ filezilla-3.52.2/debian/changelog 2023-12-26 21:06:56.000000000 +0000 @@ -1,3 +1,10 @@ +filezilla (3.52.2-3+deb11u1) bullseye; urgency=medium + + * [CVE-2023-48795] - Add patch: CVE-2023-48795.patch. + - Ref: https://security-tracker.debian.org/tracker/CVE-2023-48795 + + -- Phil Wyett <philip.wy...@kathenas.org> Tue, 26 Dec 2023 21:06:56 +0000 + filezilla (3.52.2-3) unstable; urgency=medium [Phil Wyett] diff -Nru filezilla-3.52.2/debian/patches/CVE-2023-48795.patch filezilla-3.52.2/debian/patches/CVE-2023-48795.patch --- filezilla-3.52.2/debian/patches/CVE-2023-48795.patch 1970-01-01 01:00:00.000000000 +0100 +++ filezilla-3.52.2/debian/patches/CVE-2023-48795.patch 2023-12-26 21:06:56.000000000 +0000 
@@ -0,0 +1,279 @@ +Description: Cherry pick and modify upstream fix for CVE-2023-48795. + +Picked from upstream commits: + +filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11047 +filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11048 +filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11049 +filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11051 + +Other: + +In 'src/putty/misc.h' addition of macro 'PTRLEN_DECL_LITERAL' from PUTTY upstream. + +Author: Phil Wyett <philip.wy...@kathenas.org> + +================================================================================ +--- a/src/putty/ssh2transport.c ++++ b/src/putty/ssh2transport.c +@@ -26,6 +26,11 @@ const static ssh2_macalg *const buggymacs[] = { + &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5 + }; + ++const static ptrlen kex_strict_c = ++ PTRLEN_DECL_LITERAL("kex-strict-c-...@openssh.com"); ++const static ptrlen kex_strict_s = ++ PTRLEN_DECL_LITERAL("kex-strict-s-...@openssh.com"); ++ + static ssh_compressor *ssh_comp_none_init(void) + { + return NULL; +@@ -385,6 +390,31 @@ static bool ssh2_transport_filter_queue(struct ssh2_transport_state *s) + { + PktIn *pktin; + ++ if (!s->enabled_incoming_crypto) { ++ /* ++ * Record the fact that we've seen any non-KEXINIT packet at ++ * the head of our queue. ++ * ++ * This enables us to check later that the initial incoming ++ * KEXINIT was the very first packet, if scanning the KEXINITs ++ * turns out to enable strict-kex mode. ++ */ ++ PktIn *pktin = pq_peek(s->ppl.in_pq); ++ if (pktin && pktin->type != SSH2_MSG_KEXINIT) ++ s->seen_non_kexinit = true; ++ ++ if (s->strict_kex) { ++ /* ++ * Also, if we're already in strict-KEX mode and haven't ++ * turned on crypto yet, don't do any actual filtering. ++ * This ensures that extraneous packets _after_ the ++ * KEXINIT will go to the main coroutine, which will ++ * complain about them. 
++ */ ++ return false; ++ } ++ } ++ + while (1) { + if (ssh2_common_filter_queue(&s->ppl)) + return true; +@@ -757,6 +787,13 @@ static void ssh2_write_kexinit_lists( + add_to_commasep(list, kexlists[i][j].name); + } + } ++ if (i == KEXLIST_KEX && first_time) { ++ if (our_hostkeys) { /* we're the server */ ++ add_to_commasep_pl(list, kex_strict_s); ++ } else { /* we're the client */ ++ add_to_commasep_pl(list, kex_strict_c); ++ } ++ } + put_stringsb(pktout, list); + } + /* List client->server languages. Empty list. */ +@@ -765,14 +802,23 @@ static void ssh2_write_kexinit_lists( + put_stringz(pktout, ""); + } + ++static bool kexinit_keyword_found(ptrlen list, ptrlen keyword) ++{ ++ for (ptrlen word; get_commasep_word(&list, &word) ;) ++ if (ptrlen_eq_ptrlen(word, keyword)) ++ return true; ++ return false; ++} ++ + static bool ssh2_scan_kexinits( +- ptrlen client_kexinit, ptrlen server_kexinit, ++ ptrlen client_kexinit, ptrlen server_kexinit, bool we_are_server, + struct kexinit_algorithm kexlists[NKEXLIST][MAXKEXLIST], + const ssh_kex **kex_alg, const ssh_keyalg **hostkey_alg, + transport_direction *cs, transport_direction *sc, + bool *warn_kex, bool *warn_hk, bool *warn_cscipher, bool *warn_sccipher, + Ssh *ssh, bool *ignore_guess_cs_packet, bool *ignore_guess_sc_packet, +- int *n_server_hostkeys, int server_hostkeys[MAXKEXLIST]) ++ int *n_server_hostkeys, int server_hostkeys[MAXKEXLIST], ++ bool first_time, bool *strict_kex) + { + BinarySource client[1], server[1]; + int i; +@@ -971,6 +1017,14 @@ static bool ssh2_scan_kexinits( + } + } + ++ /* ++ * Check whether the other side advertised support for kex-strict. ++ */ ++ if (first_time && kexinit_keyword_found( ++ we_are_server ? clists[KEXLIST_KEX] : slists[KEXLIST_KEX], ++ we_are_server ? 
kex_strict_c : kex_strict_s)) ++ *strict_kex = true; ++ + if (server_hostkeys) { + /* + * Finally, make an auxiliary pass over the server's host key +@@ -1138,12 +1192,26 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) + + if (!ssh2_scan_kexinits( + ptrlen_from_strbuf(s->client_kexinit), +- ptrlen_from_strbuf(s->server_kexinit), ++ ptrlen_from_strbuf(s->server_kexinit), s->ssc != NULL, + s->kexlists, &s->kex_alg, &s->hostkey_alg, s->cstrans, + s->sctrans, &s->warn_kex, &s->warn_hk, &s->warn_cscipher, +- &s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks)) ++ &s->warn_sccipher, s->ppl.ssh, NULL, &s->ignorepkt, &nhk, hks, ++ !s->got_session_id, &s->strict_kex)) + return; /* false means a fatal error function was called */ + ++ /* ++ * If we've just turned on strict kex mode, say so, and ++ * retrospectively fault any pre-KEXINIT extraneous packets. ++ */ ++ if (!s->got_session_id && s->strict_kex) { ++ ppl_logevent("Enabling strict key exchange semantics"); ++ if (s->seen_non_kexinit) { ++ ssh_proto_error(s->ppl.ssh, "Received a packet before KEXINIT " ++ "in strict-kex mode"); ++ return; ++ } ++ } ++ + /* + * In addition to deciding which host key we're actually going + * to use, we should make a list of the host keys offered by +@@ -1333,7 +1401,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) + s->ppl.bpp, + s->out.cipher, cipher_key->u, cipher_iv->u, + s->out.mac, s->out.etm_mode, mac_key->u, +- s->out.comp, s->out.comp_delayed); ++ s->out.comp, s->out.comp_delayed, ++ s->strict_kex); ++ s->enabled_outgoing_crypto = true; + + strbuf_free(cipher_key); + strbuf_free(cipher_iv); +@@ -1388,7 +1458,9 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl) + s->ppl.bpp, + s->in.cipher, cipher_key->u, cipher_iv->u, + s->in.mac, s->in.etm_mode, mac_key->u, +- s->in.comp, s->in.comp_delayed); ++ s->in.comp, s->in.comp_delayed, ++ s->strict_kex); ++ s->enabled_incoming_crypto = true; + + 
strbuf_free(cipher_key); + strbuf_free(cipher_iv); +--- a/src/putty/ssh2transport.h ++++ b/src/putty/ssh2transport.h +@@ -180,6 +180,8 @@ struct ssh2_transport_state { + bool need_gss_transient_hostkey; + bool warned_about_no_gss_transient_hostkey; + bool got_session_id; ++ bool strict_kex, enabled_outgoing_crypto, enabled_incoming_crypto; ++ bool seen_non_kexinit; + int dlgret; + bool guessok; + bool ignorepkt; +--- a/src/putty/misc.h.orig 2023-12-26 22:08:53.058083841 +0000 ++++ b/src/putty/misc.h 2023-12-26 22:13:21.182448292 +0000 +@@ -205,6 +205,10 @@ + * string. */ + #define PTRLEN_LITERAL(stringlit) \ + TYPECHECK("" stringlit "", make_ptrlen(stringlit, sizeof(stringlit)-1)) ++/* Make a ptrlen out of a compile-time string literal in a way that ++ * allows you to declare the ptrlen itself as a compile-time initialiser. */ ++#define PTRLEN_DECL_LITERAL(stringlit) \ ++ { TYPECHECK("" stringlit "", stringlit), sizeof(stringlit)-1 } + /* Make a ptrlen out of a constant byte array. */ + #define PTRLEN_FROM_CONST_BYTES(a) make_ptrlen(a, sizeof(a)) + +--- a/src/putty/ssh.h.orig 2023-12-26 21:19:06.825369623 +0000 ++++ b/src/putty/ssh.h 2023-12-26 21:20:06.546429641 +0000 +@@ -1555,6 +1555,7 @@ + alloc_channel_id_general(tree, offsetof(type, localid))) + + void add_to_commasep(strbuf *buf, const char *data); ++void add_to_commasep_pl(strbuf *buf, ptrlen data); + bool get_commasep_word(ptrlen *list, ptrlen *word); + + int verify_ssh_manual_host_key( +--- a/src/putty/ssh2bpp.c.orig 2021-06-29 09:59:07.000000000 +0100 ++++ b/src/putty/ssh2bpp.c 2023-12-22 09:48:54.045561126 +0000 +@@ -115,7 +115,8 @@ + BinaryPacketProtocol *bpp, + const ssh_cipheralg *cipher, const void *ckey, const void *iv, + const ssh2_macalg *mac, bool etm_mode, const void *mac_key, +- const ssh_compression_alg *compression, bool delayed_compression) ++ const ssh_compression_alg *compression, bool delayed_compression, ++ bool reset_sequence_number) + { + struct ssh2_bpp_state *s; + assert(bpp->vt == 
&ssh2_bpp_vtable); +@@ -155,6 +156,9 @@ + s->out.mac = NULL; + } + ++ if (reset_sequence_number) ++ s->out.sequence = 0; ++ + if (delayed_compression && !s->seen_userauth_success) { + s->out.pending_compression = compression; + s->out_comp = NULL; +@@ -179,7 +183,8 @@ + BinaryPacketProtocol *bpp, + const ssh_cipheralg *cipher, const void *ckey, const void *iv, + const ssh2_macalg *mac, bool etm_mode, const void *mac_key, +- const ssh_compression_alg *compression, bool delayed_compression) ++ const ssh_compression_alg *compression, bool delayed_compression, ++ bool reset_sequence_number) + { + struct ssh2_bpp_state *s; + assert(bpp->vt == &ssh2_bpp_vtable); +@@ -237,6 +242,9 @@ + * start consuming the input data again. */ + s->pending_newkeys = false; + ++ if (reset_sequence_number) ++ s->in.sequence = 0; ++ + /* And schedule a run of handle_input, in case there's already + * input data in the queue. */ + queue_idempotent_callback(&s->bpp.ic_in_raw); +--- a/src/putty/sshbpp.h.orig 2021-06-29 09:59:07.000000000 +0100 ++++ b/src/putty/sshbpp.h 2023-12-22 09:53:53.327065403 +0000 +@@ -138,12 +138,14 @@ + BinaryPacketProtocol *bpp, + const ssh_cipheralg *cipher, const void *ckey, const void *iv, + const ssh2_macalg *mac, bool etm_mode, const void *mac_key, +- const ssh_compression_alg *compression, bool delayed_compression); ++ const ssh_compression_alg *compression, bool delayed_compression, ++ bool reset_sequence_number); + void ssh2_bpp_new_incoming_crypto( + BinaryPacketProtocol *bpp, + const ssh_cipheralg *cipher, const void *ckey, const void *iv, + const ssh2_macalg *mac, bool etm_mode, const void *mac_key, +- const ssh_compression_alg *compression, bool delayed_compression); ++ const ssh_compression_alg *compression, bool delayed_compression, ++ bool reset_sequence_number); + + /* + * A query method specific to the interface between ssh2transport and +--- a/src/putty/sshcommon.c.orig 2021-06-29 09:59:07.000000000 +0100 ++++ b/src/putty/sshcommon.c 2023-12-22 
11:20:35.839502891 +0000 +@@ -606,6 +606,13 @@ + * lists of protocol identifiers in SSH-2. + */ + ++void add_to_commasep_pl(strbuf *buf, ptrlen data) ++{ ++ if (buf->len > 0) ++ put_byte(buf, ','); ++ put_datapl(buf, data); ++} ++ + void add_to_commasep(strbuf *buf, const char *data) + { + if (buf->len > 0) diff -Nru filezilla-3.52.2/debian/patches/series filezilla-3.52.2/debian/patches/series --- filezilla-3.52.2/debian/patches/series 2021-01-18 21:28:06.000000000 +0000 +++ filezilla-3.52.2/debian/patches/series 2023-12-26 21:06:56.000000000 +0000 @@ -1,2 +1,3 @@ 01_remove-xdg-check.patch # 11_use-decimal-si-by-default.patch +CVE-2023-48795.patch
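Review bot: the debian/changelog entry names only the patch file ("Add patch: CVE-2023-48795.patch"); for a stable update the summary line should say what the change does, e.g. "Backport strict key exchange (kex-strict) support to the embedded PuTTY to mitigate the Terrapin prefix-truncation attack (CVE-2023-48795)", so that users reading the changelog understand why a rebuild of the SSH transport is landing in bullseye.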
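Review bot: the DEP-3 header of CVE-2023-48795.patch lists the upstream revisions as bare "filezilla:" lines and has no Bug field; using "Origin: backport, <url>" for the revisions and a "Bug:"/"Bug-Debian:" line referencing the security-tracker entry lets tooling link the patch to the CVE. The "Other:" note explaining why PTRLEN_DECL_LITERAL was added from PuTTY upstream is useful and should stay in the Description body.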
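Review bot: in the ssh2_transport_filter_queue hunk the new block declares `PktIn *pktin = pq_peek(s->ppl.in_pq);` while the enclosing function already declares `PktIn *pktin;` one line above, so the inner variable shadows the outer one and -Wshadow will warn. Behaviour is correct because the inner one is only used inside the block, but reusing the outer variable (or naming the inner one e.g. `head`) avoids the warning. The early `return false` once `s->strict_kex` is set and crypto is not yet enabled matches the intent stated in the comment: extraneous pre-NEWKEYS packets reach the main coroutine and are faulted rather than silently filtered.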
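Review bot: in the ssh2_write_kexinit_lists hunk the kex-strict marker is appended only when `i == KEXLIST_KEX && first_time`, which matches the requirement that the pseudo-algorithm appear only in the initial KEXINIT, and `our_hostkeys` is used to pick the client or server variant. Both `first_time` and `our_hostkeys` are assumed to already be parameters of this function in the 3.52.2 PuTTY snapshot (neither declaration is in the hunk), so confirm this against the bullseye source rather than against current upstream PuTTY.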
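Review bot: in the ssh2_scan_kexinits hunk `*strict_kex` is only ever assigned true and never cleared, and the caller passes `!s->got_session_id` as `first_time`, so the flag is sticky for the lifetime of the connection by construction; that is the intended semantics, but it means the new `strict_kex`, `enabled_*_crypto` and `seen_non_kexinit` fields added in ssh2transport.h (without initialisers) must start zeroed. Confirm that ssh2_transport_new zero-initialises the state struct, otherwise a stale flag could enable strict mode against a peer that never advertised it.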
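Review bot: in the ssh2_transport_process_queue hunk the retrospective `if (s->seen_non_kexinit)` fault is correctly limited to the `!s->got_session_id` branch (first key exchange only). The new event line "Enabling strict key exchange semantics" is worth keeping verbatim: it lets an operator tell from the FileZilla log which connections negotiated strict kex and which were made to servers that do not yet support it, which is the practical way to inventory remaining exposure to CVE-2023-48795.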
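Review bot: the ssh2bpp.c hunks reset `s->out.sequence` and `s->in.sequence` to 0 at the point the new keys take effect, and both call sites in ssh2transport.c pass `s->strict_kex` unconditionally, so the reset applies after every NEWKEYS (including later rekeys) and not only the first, as the kex-strict extension requires. The new `reset_sequence_number` parameter is added consistently to both prototypes in sshbpp.h; no issue found here.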
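Review bot: the hunks for misc.h, ssh.h, ssh2bpp.c, sshbpp.h and sshcommon.c carry `.orig` in the `---` path and absolute timestamps, whereas the ssh2transport.c/.h hunks use clean `a/`/`b/` paths; run `quilt refresh` (with QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index" in ~/.quiltrc) so all headers are uniform, the patch applies at -p1 without relying on patch's name heuristics, and future refreshes do not produce header-only churn.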
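Review bot: in the sshcommon.c hunk add_to_commasep_pl duplicates the body of add_to_commasep with only the final put call differing; it could instead become the single implementation, with add_to_commasep reduced to `add_to_commasep_pl(buf, ptrlen_from_asciz(data));`. Optional for a minimal backport, but it removes the risk of the two diverging on a later refresh.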