From 6015a2921166fa837890619812d3125131235140 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Dec 20 2013 21:40:02 +0000
Subject: Update Diffie-Hellman group parameters

- Fix support for 8192-bit DH parameters (#1044586)
- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)
---
diff --git a/proftpd-1.3.4d-bz1044586.patch b/proftpd-1.3.4d-bz1044586.patch
new file mode 100644
index 0000000..2fca8db
--- /dev/null
+++ b/proftpd-1.3.4d-bz1044586.patch
@@ -0,0 +1,348 @@
+--- contrib/mod_sftp/cipher.c
++++ contrib/mod_sftp/cipher.c
+@@ -70,6 +70,9 @@ static size_t cipher_blockszs[2] = {
+ SFTP_CIPHER_DEFAULT_BLOCK_SZ,
+ };
+ 
++/* Buffer size for reading/writing keys */
++#define SFTP_CIPHER_BUFSZ 1536
++
+ static unsigned int read_cipher_idx = 0;
+ static unsigned int write_cipher_idx = 0;
+ 
+@@ -369,7 +372,7 @@ int sftp_cipher_set_read_key(pool *p, co
+ */
+ EVP_CIPHER_CTX_init(cipher_ctx);
+ 
+- bufsz = buflen = 1024;
++ bufsz = buflen = SFTP_CIPHER_BUFSZ;
+ ptr = buf = sftp_msg_getbuf(p, bufsz);
+ 
+ /* Need to use SSH2-style format of K for the IV and key. */
+@@ -530,7 +533,7 @@ int sftp_cipher_set_write_key(pool *p, c
+ */
+ EVP_CIPHER_CTX_init(cipher_ctx);
+ 
+- bufsz = buflen = 1024;
++ bufsz = buflen = SFTP_CIPHER_BUFSZ;
+ ptr = buf = sftp_msg_getbuf(p, bufsz);
+ 
+ /* Need to use SSH2-style format of K for the IV and key. */
+--- contrib/mod_sftp/dhparams.pem
++++ contrib/mod_sftp/dhparams.pem
+@@ -5,131 +5,142 @@
+ #
+ # The file was generated using the following OpenSSL command:
+ #
+-# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096 >> dhparams.pem
++# openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem
+ #
+ # Note that these DH parameters should be refreshed every so often (e.g.
+-# every few years). These parameters were last updated on 2008-09-07.
++# every few years). These parameters were last updated on 2013-01-14.
+ ++# 1024-bit DH group params + -----BEGIN DH PARAMETERS----- +-MIGHAoGBAL1klKb7HRp8xd5Q/bg8V3ZwqUg3IHtYt8Wj3gnWqvNYoWvfm29E7XTd +-Quxo6gbqELBhjvHjZL3LRcvoG+fkXvtni5AW/3cImU2V1NOu6r6GqZTPmbMx0S/2 +-XN0fij5kELsXN0GWhMnd+//3seg2qxqeSDvuAPo6s5mP/i61nIFLAgEC +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIIBCAKCAQEAlWOEyCrWQg2fe22ZF/Uhjjl+kOBRkfsGz+ClmJqZ25V8OSv6gkFS +-UjOQ50n7L2yP1qyVxeez63dP18IFtqAZMCUav/BbMgt1LooHDmjCIkU7kJVp9r/b +-0lpawVygzrfhf8X+0CqoZ0AOr++jl6x/k2vTpJbWhbGI04ZC9LFDB4tg9o8MLuK4 +-0EPjsyfNtq+MbcuZXe6N0fxC1UB1ioBEzS4jVyfB0mqwcXOUxCLh4ejtXX/IL46Q +-RjRR3P52AdO+L+0CRRQhrYyf4bllkDhHs82V5xdQ/a7+ZRbsvHDb9JDFTZhexMhw +-Y/tSBQ8blmE50dioe6VlYkGLA+e7vqaJIwIBAg== +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIHHAoHBALOPItPXrqsiUjPIuJJp6VujphDhwZm4ppzhANDLc0kvphQQ4/QqbNZd +-G2QLKzC7R/HPX0JWsYk0sbqnxQ3sc22M8qzlSWNDQv7yaFRGTKmLWDQIyfTM7EnI +-oGCP5uKBcRgkFnBtrNMTD2vCCXWb/7CZvMGEYFK+GNIvGGAnGzuwlM4ZpaOXnW5v +-oDFCoeKip3lhrrQ/VXPfqYs2wVTrEtBrFUmqBmQ9U3R+sNOrx03Fjne2EuwCxhxn +-/YoKL/FV1wIBBQ== +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIGHAoGBAJTimNd8/geU7EhynM43DgfsK16oJF7NZWIUUdRc704eKwaCaqEYKyYz +-aA7NMBTT8HEpLHvmBK7KOzY9nn7J4Po+Y8HoV5UUpl23WtwePceaTZ2S7oDkXnLy +-JLK9oAQOOsJeNnvSYSs9k263MPoHWyh67VqATWwrsnH0YiXdUU4LAgEF +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIGHAoGBAK9UWSbL+3jV2SPvE28dK11Evdi9813vfTV49TS1xCGRhHMQKFmpCHQP +-GIa/kbrONOkJ7WbRVQHuohN3K6XOzBDlvBLx59pOL5KWE0KX5y5tiCbpksyJ6jnL +-84yi95u/zHiWQi9eAbFI8K40sR7KC0YXq1gqBTW04o4DT6746LqjAgEC +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIHHAoHBANwf0HdsXC5BkFrUv80XYQl84eZIRbcllfBU466t2DNWw6kDl9ArsTYo +-LVhoAbws1SSqtQWtlDNg+cJ9SWIFRKS8RrNoHzacJvWH1utJFwtNtOYdnOSnyxzt +-caQwSH4pKm1S+4TwMHG1js1n9IcNEkADa0VHTsEZWhGvMYqZ9LsRsTf167lYvJ5B +-GVJnN8RxThkRUl23iE2Wa/5I9lNQeAVb9BAVZCMw9p/1/IWkAzC2571TGQE6oXfR +-hAMNXHDHKwIBAg== +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- 
+-MIGHAoGBAJVRHDXca5zLOiUtl8dCD56IoIlppP6jmF2WAeE11GapRy9IT7LhdZTl +-Ku1ZB/vnBL3sRsRjksgv7gWH5Zqo4kVWmsDDqErWW0b7z7WpvP3KpS5nMYGnT86C +-nGVzE2/kOtdtul+QAhTDzdbm+kHhjHoH5OX0STto0GB2uXbHkWB7AgEC +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIHHAoHBAOQWHYV1Q6nICm4gcSthgCvEnatBfN/sZpC3vQD6rc6Dp1R9WhiVdKML +-kRABgYwKSP/+xq37Qs0uyFz2ir3EPxk5u/Rkx76770KqFBM7hx5MuMeivK3Qw9qo +-6tkbco7K0ZE7YGCgyy4b++rhfhyNhbI3qprxN1h4WPxouFXYjyXNVZq9mFe0gbPD +-0xA7yHzsJvU6gQ/RuhChhqCiirjmfnuSE7ej0fdW2hXIzwThnz7AiAqP0VNQiHBd +-/K9hLRGqmwIBAg== +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIGHAoGBAJ5fowbgIsajHjtkHicf1EpLP/OoYoexGHWvKEB9KdoXNKSTXmSYcagP +-gm3axwtp7CbmpzcNipc8MfIMQEozkwsvsy/h5fgVIxfeKvPaA9oA8PCwZ8kIVzaf +-vkVxPWRu+Azd0I+DULJuEwBqUDd4cJE1WQ2BFIdaH5nz7X2ATPePAgEF +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIIBCAKCAQEA8tUOZyM0dTIj0ehiRUeX5Y5S/BNl2HLbQHxcYtb/vpDM58ebADuC +-xSESbYcjAxBXbppWZOlDFP5VWr/fTd+5357MQvlFMZM32GLUidrF82Ur9u/GN3jX +-w1Z3TO7tOiIp2uxXbRvlJhUE0O+/G+pvnQsmbS0aBFDmZdd+u7HBa/3LIAlbBpdg +-aPiEgbXM5E52F5BK/5L47KKAzSLCgH7YxVFyWgKXicryMgJ3Kh0+gMVTBF+9iw6/ +-n5Eam0m8f9bry2mE3Gi8ROebIHNYCa+JaUytLPD/kXRAbU5lUXp7eE2DO90+OhJa +-wjEMoNGY1OTbNLaXg3WkhF2PPxQoTSTfAwIBAg== +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIICCAKCAgEAiWDATfwSP6kPZTeSaLlu4IV5gW1nsutKK1l/CQVbNHxDFtt/JeIT +-cppatvo239b0bfgVApt1+i5SY+z0LeU+1RG2s3pgaASeCYz0CxogYEF2/v7Byrtx +-HOtNu9qeJH2mR2m0pZsV3ob6wtIXAbGI/JQkbuLTmsa90pLr8kJZ6vHk3N+71ZWG +-ndHwYn4iM23bFo4gQ92qgBMfeLrfCDaHvTdKNpIEyPLTLiSwSq+TuOPApGJ3s7qV +-pV3vx51QcCQN7EjMt5i2yjIHJwxI3ivRsGCQPgphHy1mfNoY9e3OrDX6fvhKaaPV +-r7EUc2uF1Qd74no9pUsco5NZqC+vNc9pqIRuV0WP68L2VyIxZDxaWsS4F01w7JAT +-syfswu3IwlNUdk4EAE8JaVviqhTCfdYgJ6j4N7xvpOm03tJycbLcDmNKSuVWvKx7 +-9r51Wjc4ItRG+MCdKGMzQ8SJlN/ZK2Xb78E2WDVYoaai2VCbdx/rbT3kIGEckYIU +-l81rNYVFiYTw3Zo/+kh5IUPYs83OplMf4YUixc+jDRXELbR4hLeV/5teyl6qC7RY +-abbrBvvDqw1wj8IeVm5Cf6SJGXX6inFTRzsRMmv/UgnYUg44Ysw7iRfgP81uXfWb 
+-3St3OxGYsfZf5sgDTvWD27UFOndAlQS4iZGvX9t+zT8h0/EBBh/+U6MCAQU= +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIGHAoGBANX1fgb+NbhP/B1UBb2K5uj1+26LXi3+ng2SRUQJiNQT12OhzEPnIiCV +-F3VTbFjmp9gd8ReJNAMzImSS1XVw9iMYClsRxkctygprYe0oi+Wx8xb1sAaJmnxQ +-Oz4pwKBbaz2/pwykVkSYO+/3Fcgb176FFbwdzM9icXLb5IkpgKpDAgEC +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIIDCAKCAwEAjkFOPge0h7o3ogiTDJgkwk85Xwkqd+kFM1NVy4HFZXUcPH2B+f2X +-rwrhuzGbDNURS0QCtVsTdJSMY4qfNhYZBeHi8bpfZSZ93KivUJaSi1E3hF+8mJey +-MC7Byi0rYdZSORd2n7oomqMNR/CIMBSgct05+CHbmnNWi1fqsnfdsjESV8b/Gu+4 +-oJP6mdazE0jOjOcX1o0/fiQVQDM8+krSbvOA/DXabUAEU5n4X1bO909aUIJL9M99 +-aAUN8w11uAy50elGgu2y/A+Ap7kgrCgQ4A2/OyRmq5+MBgILIq7L7HWxA72wKc5Q +-iNNBLjSySFmUf8kT4yo1PpO8j5kSqJT5KXG8Q8FxvECww5vuKC4mNA1E13ITnDgf +-qcG1KfIT1hTW1GXSoqYQfO4kVmUk5AnKK6K4eUFVZkZWE2Kys17YsYepG6TKxCU6 +-xBwcivDoKqr0NQ/8NLerdNOurDj7myurWsh7l9RJIDSuTCHOPysy+5xvE1upQBSh +-BxtRXKL6cQ3yTqo4Tqg6hrYACcNatXyPBbF1B0dF7uQ1O+Qjdrg4WHF296T4YKTF +-aa73jb+x/DAMXUejLVDb6Oi6wapYVUZtLIgY9ezToPNnTtMISNISNesZZGb166Dj +-+k9InPD60Yk0wjQge2CRAUrlMOrOuSpUkYLXPzqQT7wYTZLuxXdpJXqdjrcg6ru+ +-e95vBSluapMezMtRF0ZBZSPq9NuKez37gqB4XuxYWyXK1Zt6ler8U5WO6iEPsotF +-h69pKvuTYbtP20SF2nZYDxbHgGjXugnjI6rD6plYih97Y5Nak6IvuYA3F+FAtpXr +-kS3qbDBKIsPkNtyXOaUuQY0PZZRzl1+0upSdkmewyAz3qoC5dzb19xBfHrvpwUjc +-kBhmkYzole3dUQuxVU1Eu+zlq0VPedOAJdhZs7BDDnOWRZwd14teo6hhxuleT8Of +-fA1zSuozB/YNpGxdtYt5XMO3kNR4gNsurDz/5JWxRaz21QxpFVodZmy5WHeddj79 +-aMXQhuG1qpc7AgEC +------END DH PARAMETERS----- +------BEGIN DH PARAMETERS----- +-MIIECAKCBAEA2uLCDvJnPy9O5w9VnUJWlXlo6/bUZbYSCqgsUUHU3ZUyWZV00M/h +-SFECq78SvsqeVpdDqLkaiq667AsmXUkIcZIfPfp/lgwsxcPjOICQItxYWqs6OauO +-QmY9OTeIXzEt+XSoGIW7r6mJcPFbs2CGI5VOMcdCDeIAQC3PP66ZHjwnifqjpmPK +-6fXCa9imq35EE5SAc+zBgf2Tv14TR5T0sHzViMxVSo2tAyTu5vmZJebZk2S9Kj4M +-CotC7Hv+Xj7zO1gxQns3ourbaRfPh/C6uQgBNBOBbVcCYHSbzuGYn0B4xm7et6c0 +-3rXFLpf7x0kka0sG/6PMLYI7qCztqVa/e3SupG1S69CsY+UiwKUxjZlPYz4DelHT 
+-IfJ0Anz6qQqSkdr4b8HcSL0X4OCAci1xpC/9OW1Tx4iW2fXr8TYIhY1+aE63ARyn +-qpWFfWhE8usd61UyHeVjHWgugYhjHAUgW/2iGS1O8gZz7tcuq20IuOvWennbvRgq +-8j9QyRIgNcoSj41Y8Tm89pOxFHkuU6UeQ9B7sgMjCi2g3baehKKGVRbH+SC2SVm7 +-yKEAcyx4fKKlNkOxivX4gVAo8GtEWguVIo0e/bqBDqf8L+PyGdbbJ7E+oiJ00hiS +-UU+go6WBwrrbgxwvbZBFQb4RDZukYe89kmwIV0cmLd4CUWkg04ABH1C39AoGvfAh +-e5oFk+1omSQNMDKVlW4EZ8C9ZiaC89R1DNijk4SWkNQJKl6R3DSy++Papsh+b3tb +-Ct/OujxcuuNeURy5P526IAZ+5aOq9WYwHrcfGGgp19Mq/f1M4JGvHd7C7+T4PHLL +-Vulu3OubOT3Le1q7c0gzw43hlGj0dAImvJYOdQymHBmQYmMgRjVSYHkZQLXkLhAR +-v2dGQnlA91AMLu8/WLgzilPORSbTf2zFujVbbRdXlBoQA5bj8A/aQCaHfZFV313z +-c5VgfwwGFx56NH7wRmVaIu6yTnCLro1mBv4/grH/KZa88+gYhbOFtlkkPVmnr+dA +-mexO24xVLOY+AU6Pqxae6NBT+FCbGPNM6xb0L4UMnD3hLbKf9+S1u5uCeNYtFtXx +-PYkwp42MMM5sXRcEOFncEoEf+g0EckYceV2SlyqLpxGYg1fT74gp6AooBPAtHAko +-5QuqvQqf8IwnP5iHYOGkuzPSVyTgknK0nRYvipC2T+3zlBBHj/vSwCQvXSY/zym4 +-572KJXxdoBT9ZYjW5m9pKb636Ai2bh0tnAVbyZRuDWP5v/MbBs7lXYh+dNLhLkpu +-vWvGa6JMHp5GYlfSgpD0JZhu93/RshPc6GgizJyHbgKvDNzHyYUzSZQ7PzSKU83O +-f4pMJdYHvuGVdOJG7nwIYouX8t/zYxQzOwIBBQ== ++MIGHAoGBALbvOMiSzkUDxrpE0v150A1+hi9R0xSbwk2nyGBHznfZtvi3prJWIZwS ++5WPTZI9QCUCGIfGt8xfVrzzzfmruEFUZK9Tz27mR+7dPiet3c51niPIOrBlUCeTB ++Kz/urIJMeUcoUcDSbIeajAyLfwkWvLP44i/n7fDW9rsuzef6Eq+bAgEC ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAM5hpw0SGB0LHC0hN3Cp2rwnRPQtgvywaj1Ju3odzswLaxYriqQODBCH ++psywSpi5WAU2R/WUITW5VWLHlI7HpCJwNXG9s9GmHTelCGvBEd/c63jJlL6VjyOe ++M2OW+RDONoNFTXXVMmPayuUq3vfWFPGcSRZg5CI+d4Xma4eRPRxbAgEF ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAKP/HXSZf3Pbpczrl3tvL9L5g+vWsoBQWFA0PglX/RUV7wd/hgiRdcJG ++MXktBIkBDxtdKZM5JKu8d99e5Lmbw6puluLF1lA8ZJ/lcIhojnDWQZ8bFBXx2DJ9 ++DpDMMX/htR8u+cnPxeKDw2gnKjuN39Ku+1IdBLYSl9iu4GEwk9rDAgEC ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAMLOI4dbum16dz3CVufbtZ/90kC92QElRU2yfEwQdxsufkcYd+uEPgfx ++vD0PCMdCl2zAHfMjMtGCrb+8pTiO2eaC/4/wd6z0LUciawZo/dSE3n7S+D51ZH1I 
++IN1OyvIhMMBq+DyujB6t9jUlrpXriXdcvmv78R83uT6TwwhFtRXnAgEF ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAO7i+5IQHjs6tHh5LXAwvD3XXgxyE6j7e1KWmgHDFg6GeEo2UZLu07Zt ++Ynu9srvka3KsnzdDEqtQgZk9C1aRMpqYoy0DFptVHNFjyhydIwB23Eh5a5xmpCzg ++X4yDC+2ADrU2PC0M+T8FuAOWvd3VBBrnm3msoRBRy26IKBAeDi5jAgEC ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAIBl4JEof+IcUS/j+PnkmeYNLUtGwi/PrQ4xv5Q3V0aiy/qIOX8yYFIA ++gwBidaoqPkG0CAAYO9o8gvFhHfJHd8B296mYybSHSGI2G6TVP3xdZYNmqG1lAqd/ ++Vqmj+CvmkYsgacDVD6P8yOLrF6gzBb9PxVNOFqPhNX/0yOXBr6YTAgEF ++-----END DH PARAMETERS----- ++ ++# 1536-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIHHAoHBAJkp+TbtcuMfeImd5XIA7pKwGjtrcVtNpRXB4wlRbpJpbGGQcyCe65MJ ++Kmxs8sndPv1S19fTH+3Fcp9jl7JmChHs+TcWqIpvmrBFRZ/5N2bf2fgimi7hSWWF ++JwFdb9zpxUNWbAcNnR/jZdqQ61wweyUT0sfGPH+0xNRbtc1Ct1E95o4+7Os82Lh1 ++TKokivVwwBf9m2vmCFEXDTgW0bLLqNRH1CQ8juEiw6i/zabmkutPPhKN0uxA7j75 +++eMc/DVzlwIBBQ== ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIHHAoHBAKhfKa4EANC76yzSGF+/8UKQnSzjhMDyqOmWlrvb66CTe4T6gTtpECkm ++8KDmxuN3HrlXgkEQoMh4rgazpx3UG0z8T6aqQXFZmAVMK/Yp++9H/EzJhTyntJ31 ++hz3QqkoZgznvKx2vF+Gmx7C4imd+EIi7b/Lz/yw1P3wIGt1t3rznudc46BfPbRMf ++7sEQ20na5PEY5XwX3V9u2X61HM4YGto9XuNVL3uU70bxW6pceFBzdzVEadnXaJyW ++00bevXWw2wIBAg== ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIHHAoHBANdeoQj9jcGLATPLTqI4vpKMgqJ5fuOe+8yiVVTmDGuNzDL7lDj5JMSF ++lrpG99IPVb6Cy+kSAyO/PBbTkj9nPzls42GKmABjb3PHYiDIBcYq4xfP7Z/PEH9J ++YIT/9PQVqVRFPHnzdZcXtaS3H6ve6npiwvgwPCNz7s7MX9C153XF99T0qCA8L/a+ ++KsnKD2aaqsxi/6Njr7sBly9l6qre70lONzeOLzcwQSRq9l2pjSMEekJPY6E3yPPy ++MA4GLMlaKwIBAg== ++-----END DH PARAMETERS----- ++ ++# 2048-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEA6Y/KjtYFfcVooSk1p2pvVbqttLQNsMIC5t9GSyWlfCBoFPqffXsm ++XVkXuy3k8zAjrdL3rGx5/+c5wlYfVAzz/q3rUR+mFEPQKgkvHKUFy0ubG0Wp/dBI ++KZ+vkK+CK0NToKAdXv8G3TfCefw9dI/Nzy2j/wxlUFapFwnZocPXUlgQd52mdCsX 
++ACqZ5imBZcNQzwcEKTr2jen2l+NE2CKs8nJFVwcSlsFPqEB+7Yh1GwZik1wmBxrT ++PwPMrTk1u9CqttF7aTZBHjn++e4TkqrQs1J04s0LjdvzNVaEcUfPPiTH+68KpMwj ++NcAuMC6BV3L42Cald1HocD18s07VPcqiUwIBAg== ++-----END DH PARAMETERS----- ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEAo+GoaemZ9KjBgLgwGZuObOQ/hQSoK1Aka/fPoSk3ECokqb0KeeI4 ++Ai8YVup6WIJigf//UTZFgHXENUsJM3sSTKHe5l7LtQIkb2oPQFfzTpp2OOMceRkK ++eXpgDYBct0T0KDAJXV4uB+l6PZfL4cOLfSMNCKTg2ptGGLbbqYPLd7LNwudpe1wO ++0KB1GFEkB2ZEPTIkQx2W1ia5EHta5zlXRqa962Rbo1t5fdiM3whVTqlgKNNC5/zv ++wH7vHqyJyqVOKQyjXPsT95iBTo1GsXRz8oLXchrTybs7yfilve1eTCnQKfiZHqKw ++50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ== ++-----END DH PARAMETERS----- ++ ++# 4096-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn ++AqOjSEyDuoNx8KC6mZF5HKBoQ+nDeJ3O4y4NnZj1MaEFViu3a7XXu6Ff/fLB2nl+ ++E1ryt9vk6d9GNgOF+JfB40SYsPnfX0FHd/MqJh4KQbkWoPzgfK4bgxNZUmdtFxbP ++9jO0t08nEoBGAL6a6nx7AN/mSgdOh/CEjNP7xKGTuNLv0Lq3FAAJ4e0PDjFYb9TI ++KRcwVIYpqt/DmN1+hCQ8O9GaC8gs99Gqyi4G6Iowq7oMqV8KRNdTNnfD1t3SjupE ++xFTUeBw5FiB/44Vwjiahz0PJVQggrAUadqCrqOi1k/C7z/UpwOvpBVz5162p633H ++XntMUzmi0JoomT+nR5je6wlJnpcvOeIn21rLOwkXDWmzrb1J7KYxnEa0F3fEck4P ++V9L/dICTCBiTSq9bQGjCy6Mtc0pbW8AkhpoBtmJGhsB0+t6J5nLrleD68ePPEC1e ++4kRPc3cJJPIvbMNxXPCYwjsP+AQcbxYvOlPPyDeWNj7AWQjMIAEOpBw76itfy7JP ++o+Wz5EkpUtvK9Zqo4E8719U9R0aIVhsn+DX5l5Z8XKU8wZjUwK/Fg2tIVq8tXi7/ ++WuXBUe8mHU+7bUQR1GRgBaLYiOERkNS87MPtbQ4I/pmfx63HIfOj67sCAQI= ++-----END DH PARAMETERS----- ++ ++# 6144-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIDCAKCAwEA7WbPJRW6ZqHQQo6DFNV/exYBDYXTgHI8sOtX4ZsmckeLnn4MNWDx ++rHymGA6EJqz7Iu3tlPqrZnAe/mOXJZVnWMdDrXaqufXCWA1GA1nOBsX2zjEAA4Yr ++kOtE2JyNQ647gVWkZlAPNB1f0Tt4wuR2jvzMYmV+mcMfxurBoOhki7SibHs2UEvb ++iFwJQM11b5W5NRQZpKnIpU6hWPGZMkSIBX7sIoMX9y/a0BVFqAXS8rLgmWh5RcQu ++WqZPyZWHh+ctKaR3YPHyxX1kKUdFMxZVwXmnDJJeeT7NiNZd5OSJ5Z26XBoZufED ++kzvpWigSJmMmfKXaGcxExrizRSBjjAPhc784yXZcnwR2nJB3svvuCnbfO6aoIbVF 
++78FtqXFiKd75mGTrPTdgfQH3OdjTaFZUp5JScpCfNwtDaWtvbgQ5x8dfxHcu/7CL ++W9SeEvlCOwWiFvd0BkE4kRElUIzzLh0ufHHEhywkVGZIicL1qz+eeeTX8V6FmdRC ++u2xHK5VtT2/yTMtDA48J5H7YTrSOiC+kgmaud5EAhxMidg4QqJa8jZYJIZpvwsEw ++AC3mUv36RkJIhuePybaoa1U1TwSWwGg2dHqidQ6gXv0t+AXxxicKFBiKKMN7DxKo ++DgA5asnrUv4Z/bfMU4yGgU3gkiJ7Sczra5N6UEJhCBScBbCI+KUXSsWpeZd2dwim ++ELxyC2Da7wIYqJhe9KYRXOoauRUy+LMBzwbKQ7nS2Abw5zON5ANlR/KJJ4H+D19+ ++LN7WDc1Z8SoF59wbboAmNKjTuUV3Whh0GZuxnd88Fw7DoSWIMe++DoxIvdCRwrFz ++Ra/20ZCi99N96IX4r0WocACIG4ukPUInsup2qxMS7757gzcabD2T24irn9N9aJDf ++BefKcId/iJBFRK/loSOXT4jcyTWQqID+spA9VhIcuGEBir21R29fU9fActctWOby ++URKTuULh6Wqaf46B4suoL8jmvtyEJIwZ6zzD7mWLKv1665UD9SbKciKoy2CQ+AfC ++wnKl1+O4DPcbAgEC ++-----END DH PARAMETERS----- ++ ++# 8192-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM ++oKeZ5QvXE8ZWk5Alnw1phfe7yDZan4BVqJ7U00w+jaUy5Y8Tmo34uSTTRX61dpYS ++vBZsSTUEkteqWBbVQRz4l1NQ9eTVXchGAJeL9JzlUFZQbwUXfQPf95wg7y56jcqK ++fYjqQWZZgpsxFyn/MFOq7+HQeLYGqRbA1wnKkKTF8ERH16PjChsnjA1i6rH5Tb9C ++k0rpIYkZGj2pPoiNoWBEiJagYbt7XjnMGX8UPsQW8ImzoW+JIGUAHCzFZSnFp5eE ++ZCL7Q7T8Z3/9RAxHhDUh8bxhWsd9K1pGZ9XYCF4b4TKBsc6GCCmhApgbcTE3/BOO ++qLc0tu3sl75GU3wGMpiw97J8SO4LIgMKH5f+g30YBYXPY7z1Msytf6lVKrC8Lzxi ++h69nckj9QjtPY4lYHH0q7K3bq4yuQob4EPF9WBrMzWw2roH6Jv8clc9gDcqzqBkk ++zn2pKDlR2rFQ955O8A1/yjLIc21T+JwmpYYF7agRZcertzHipyoRkTfS08yQQJjg ++cKovqCueVqBNZQvogJKzJRIs5YNQX7i25bH/4JPOG1YIiV7AQ41FQLItbsnB6qS+ ++U/AzGLH/hd+y2fYsHFCLdNIbsvpmPiyEwJBMCtJ6YDSu3CqMhg4YddR0X9UszIhV ++6wo/IhjNJur5AxYmVANjTyVgP48wDGwZN1V6KyCSYLjQk/tt/PY2CybRAON2ac8B ++ud5RN0PT7vJcw6EiE5gv/IB5dNIllhqAcjBx/lbbc08uwjN+5LN/MWCIy2CyZCOz ++wj3Pzqvl9QfFSFLTKFXMzxQcCKNrBmQL0t0n4X2YAD4ZJPiT/sRYQ8twXpmtKcmr ++reXQdxuphB5XRfkawT7yJBVWKAxYiVWRfAqNHs8gjt967YK7nV7Xt0wwb+r9N79/ ++rYqJFtXiGV/Z8/pUfCSAUoe79NftuzV7AH9C2gMOo7iP6uOeevv7oAlOnjpoOcRl ++UnHTC4mZU5JvOF3Nbu/KRvwbX4B+mqq+O47OQm3tvNoACejMYihMlT48G2wgB5bb ++0QJ8BxmgpLL4P+K1tZsvu0V5oRHkQ10QTFFsPddwGA+8Vw74dYXT+41RQBNpWgP+ 
++j/zRPUAXCl3FPQ/Hj7hMnBHPQc0HWaQF7XvQzAsWj8EtvyiqZoR4mIkGHOxGCV79
++/2Ko2JCsWLqo3y9dwX09Pf2pPhBUeX1GWfCTZGEerLch/I3Cihf9JQHQ03H6gMRM
++FSRogNR62d2YmBjZM/xwWdBjpLdWNLuPRnYnbwJXs30R/oQY55iRdZdjvwPQl2uR
++9ubWhepIOmE7t5+1o0JiA3x1TX82NHwsGwIBAg==
+ -----END DH PARAMETERS-----
+--- contrib/mod_sftp/kex.c
++++ contrib/mod_sftp/kex.c
+@@ -2007,7 +2007,7 @@ static int write_dh_reply(struct ssh2_pa
+ }
+ 
+ /* XXX Is this large enough? Too large? */
+- buflen = bufsz = 4096;
++ buflen = bufsz = 8192;
+ ptr = buf = palloc(pkt->pool, bufsz);
+ 
+ sftp_msg_write_byte(&buf, &buflen, SFTP_SSH2_MSG_KEX_DH_REPLY);
+@@ -2385,7 +2385,7 @@ static int write_dh_gex_group(struct ssh
+ }
+ 
+ /* XXX Is this large enough? Too large? */
+- buflen = bufsz = 1024;
++ buflen = bufsz = 2048;
+ ptr = buf = palloc(pkt->pool, bufsz);
+ 
+ sftp_msg_write_byte(&buf, &buflen, SFTP_SSH2_MSG_KEX_DH_GEX_GROUP);
+--- contrib/mod_sftp/mac.c
++++ contrib/mod_sftp/mac.c
+@@ -69,6 +69,9 @@ static HMAC_CTX write_ctxs[2];
+ 
+ static size_t mac_blockszs[2] = { 0, 0 };
+ 
++/* Buffer size for reading/writing keys */
++#define SFTP_MAC_BUFSZ 1536
++
+ static unsigned int read_mac_idx = 0;
+ static unsigned int write_mac_idx = 0;
+ 
+@@ -374,7 +377,7 @@ int sftp_mac_set_read_key(pool *p, const
+ mac = &(read_macs[read_mac_idx]);
+ mac_ctx = &(read_ctxs[read_mac_idx]);
+ 
+- bufsz = buflen = 1024;
++ bufsz = buflen = SFTP_MAC_BUFSZ;
+ ptr = buf = sftp_msg_getbuf(p, bufsz);
+ 
+ /* Need to use SSH2-style format of K for the key. */
+@@ -579,7 +582,7 @@ int sftp_mac_set_write_key(pool *p, cons
+ mac = &(write_macs[write_mac_idx]);
+ mac_ctx = &(write_ctxs[write_mac_idx]);
+ 
+- bufsz = buflen = 1024;
++ bufsz = buflen = SFTP_MAC_BUFSZ;
+ ptr = buf = sftp_msg_getbuf(p, bufsz);
+ 
+ /* Need to use SSH2-style format of K for the key. */
diff --git a/proftpd-sftp-dh7680-bug4002.patch b/proftpd-sftp-dh7680-bug4002.patch
new file mode 100644
index 0000000..f528f48
--- /dev/null
+++ b/proftpd-sftp-dh7680-bug4002.patch
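Review bot: The enlarged buffers in the nested mod_sftp patch are still fixed constants with no stated link to the largest group in dhparams.pem: `SFTP_CIPHER_BUFSZ` and `SFTP_MAC_BUFSZ` (both 1536) in cipher.c and mac.c, and the bare 8192 and 2048 in kex.c's write_dh_reply and write_dh_gex_group, where the `/* XXX Is this large enough? Too large? */` comment is left unanswered. Presumably these buffers hold K as an SSH2 mpint, which for an 8192-bit group needs up to 1029 bytes (4-byte length, optional leading zero, 1024 bytes of magnitude); recording that next to the macro, e.g. `/* Must hold K as an mpint for the largest DH group offered (8192 bits -> 1029 bytes) */`, would make the bound auditable. Because dhparams.pem is a data file that can gain larger groups without these constants changing, it is worth confirming that the sftp_msg_write_* helpers fail closed when buflen runs out (their bodies are not in this patch), or sizing the buffer from the actual bignum length. The same value is also defined twice under two names, so a single shared macro would keep cipher.c and mac.c from drifting apart. All of the touched functions begin and end outside their hunks.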
@@ -0,0 +1,68 @@ +Index: contrib/mod_sftp/dhparams.pem +=================================================================== +RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/dhparams.pem,v +retrieving revision 1.2 +diff -u -r1.2 dhparams.pem +--- contrib/mod_sftp/dhparams.pem 14 Jan 2013 22:19:05 -0000 1.2 ++++ contrib/mod_sftp/dhparams.pem 20 Dec 2013 18:09:45 -0000 +@@ -5,7 +5,7 @@ + # + # The file was generated using the following OpenSSL command: + # +-# openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem ++# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem + # + # Note that these DH parameters should be refreshed every so often (e.g. + # every few years). These parameters were last updated on 2013-01-14. +@@ -83,6 +83,19 @@ + 50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ== + -----END DH PARAMETERS----- + ++# 3072-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIBiAKCAYEA0kEgFEhmtqWiDoykb2ptlZQ3hcB6MP5Bd1mDDjG38j1MFWV6Uaj8 ++T4y3tGUntQ0H/OJ8GEueL9OS9q2NU67GJ/XjtoXDVmZOdzYwN3Lr52/RnwLdUCH9 ++MZjbXJYoqDJyXSHIFd40fRUkzZRYN6HZTkDad6wsoBgibe3gRvEzp7nBIJlDZy85 ++9hmLJHJNGqgIpOTbX9AUNGVSAHEINx6kKX0c1/Kc5nhCytqRdYLnwqeryMdlZ4N0 ++qlG8KJum0A8mEpgvUM5D0BLTbjkKgOoORsfrhzykqfxUrv+Pwcb/6UBbPSR99OSZ ++nFBlP3xSTl1WucWNmeZ3o2lZF4H/WosuoiVsPtO3aKYiLEhRxJiQOrMzVnSOdTR7 ++d3Sg8a+ufSyccCCjOHssRKk//qoiUpN5R53/lxpUrfl+cJXGuvp+4EM+mfRDKCo7 ++FTTaU2QFkF9A7dddwsABZQeqcADVN7T6L8/AIF66mwH7nvaJeNenTUqZTR+i8Doe ++V/QbD1cYDtHzAgEC ++-----END DH PARAMETERS----- ++ + # 4096-bit DH group params + -----BEGIN DH PARAMETERS----- + MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn +@@ -119,6 +132,31 @@ + wnKl1+O4DPcbAgEC + -----END DH PARAMETERS----- + ++# 7680-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIDyAKCA8EAmMxFUnXytlC9fIDwSgeG9cM+nqvPDufhOvzVwXXyKutq2rT+b8Iq ++A/rTbvRLro1XpJedzS83HNfsHeCfKC6L5vMAT2rkOSAVjQCBs9/HfdzDXtU6QEqG ++GDW6psiGNkgCahNKVxw1+kgKdnQc5sSKsK0iFXGdXFdaebWYN2yRFH8O+yWC/TQk 
++BVc3c6d+Bo1H7VTRJkKz6duL/GRmFVdznhTU8yx+oydfOAjkxNsMaX+/cuTbqcUN ++LJm/g1tKVSw+1mvY9f4q1/B+hV8QxpbfcN8nYrye1+dmAPj/x+T1rfFVXMfQP4Ok ++p0IKom5Esc7e5LZsGqngRl9e6gXgDM+hMX6w7XU/bvaKugBKTNj8PAugIFrsrybR ++voB1bQynUEId1/q7c9soEicwEbGEiZ26LyaPHenAm1j8940Bp63SgiCfuCoEJAda ++A9DWq9idP4eKECFTlt6j3UPs45if3SfkWf6KleZAO8e1LHSkLuRaZpHPzLaZ6zbE ++bA8m8rdOhkbTkTNfVbEa0jTI8Ag4cq5LrMFSiPLRVVQadQzepBB0pv7F4UsqQwzU ++b7FEwBm5xWQG+AlOugc1kZdgcSMdu4C2BhaKOe3xH1SfwEHZSxz3yKtxGcdIcSD3 ++RTUQdX0/Yjj8Ia9asC+pZmbS2MGPehQdIvUmWMGeQkwLXz7bBVFBuOei8hkPnRwJ ++ItihKSkZB0fk2olVmYzJwY4VOnfL1EWk6jKbndYBsJE0h/J3lO/xmMGaVmPhINQE ++0kJipmRpqT9sEmghCmYTH5pjymnuOXEIDuAjjNxsaAAuGF9h2jlnAHQimQq3Kch1 ++Hwlkb6R2T1XSizA838oLvqmyLOhYzHVVCnqq6DG9W7AAdaouL4tjNFNs9afsR3KG ++H71IiS9+rv7u0m0dYrdRmpx6iXAIASTwhld2IFDyiUPeLYL2Jt9WPHdSA0aySF+7 ++z/ntskV5soDIlUYQDZeKLuk2Lw+AMEbNgifCm7bLARm/fI9+c+IaBLE+e+zm+puO ++UHYcWy75NQG8zT2RICuHvvIUkHhgtIDk7K/1AscCDVCgMTYtwMF16nJe+6Omn8TT ++iQQZp76zZoTqjTRDLC9NszXxuewCi8JuklDyubPrqLTeM32bCZwjibPzL/O2NsGY ++0N7AbX7nnBKrAhibA9wdBJpQUrjT2SfEZGHYPA0U24Cm8JKBRu6WHdGH97gwH9bY ++ST5JTdXGPimZanmzidsGqLla4VxWGx+BWMLwXQtLaypHGfDFXHVpMY9KROGmtzsD ++OcXDR4ullYdbAgEC ++-----END DH PARAMETERS----- ++ + # 8192-bit DH group params + -----BEGIN DH PARAMETERS----- + MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM diff --git a/proftpd.spec b/proftpd.spec index 4a383e4..e19aed9 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -41,7 +41,7 @@ %define _hardened_build 1 #global prever rc3 -%global rpmrel 4 +%global rpmrel 5 Summary: Flexible, stable and highly-configurable FTP server Name: proftpd @@ -72,6 +72,8 @@ Patch24: proftpd-1.3.4a-bug3745.patch Patch25: proftpd-1.3.4a-bug3746.patch Patch27: proftpd-mod-vroot-0.9.2-bug3841.patch Patch28: proftpd-1.3.4d-bug3973.patch +Patch29: proftpd-1.3.4d-bz1044586.patch +Patch30: proftpd-sftp-dh7680-bug4002.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(preun): coreutils, findutils %if %{use_systemd} 
@@ -241,6 +243,13 @@ cp -p %{SOURCE1} proftpd.conf # http://bugs.proftpd.org/show_bug.cgi?id=3973 %patch28 +# Fix support for 8192-bit DH parameters (#1044586) +%patch29 + +# Add 3072-bit and 7680-bit DH parameters +# http://bugs.proftpd.org/show_bug.cgi?id=4002 +%patch30 + # Avoid documentation name conflicts mv contrib/README contrib/README.contrib @@ -537,6 +546,10 @@ fi %{_mandir}/man1/ftpwho.1* %changelog +* Fri Dec 20 2013 Paul Howarth 1.3.4d-5 +- Fix support for 8192-bit DH parameters (#1044586) +- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002) + * Sat Sep 14 2013 Paul Howarth 1.3.4d-4 - Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication (#1007678, upstream bug #3973, CVE-2013-4359)