diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/libssh2/APKBUILD | 13 | ||||
-rw-r--r-- | system/libssh2/CVE-2019-17498.patch | 210 | ||||
-rw-r--r-- | system/libssh2/fix-tests.patch | 11 | ||||
-rw-r--r-- | system/libssh2/test-sshd.patch | 2 |
4 files changed, 19 insertions, 217 deletions
diff --git a/system/libssh2/APKBUILD b/system/libssh2/APKBUILD index 010c6834d..67d985744 100644 --- a/system/libssh2/APKBUILD +++ b/system/libssh2/APKBUILD @@ -1,8 +1,8 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libssh2 -pkgver=1.9.0 -pkgrel=1 +pkgver=1.10.0 +pkgrel=0 pkgdesc="Library for accessing SSH servers" url="https://libssh2.org/" arch="all" @@ -12,7 +12,8 @@ makedepends="openssl-dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc" source="https://www.libssh2.org/download/libssh2-$pkgver.tar.gz test-sshd.patch - CVE-2019-17498.patch" + fix-tests.patch + " # secfixes: # 1.9.0-r1: @@ -39,6 +40,6 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17 libssh2-1.9.0.tar.gz -eef3c43184d53a3c655915ad61d182a88d9cced75ba8f8dde73ccf771ff4aeaa0f26e95aeb53601d7c47d96a2421c98678e9baf497f3883faa4427a091eea62c test-sshd.patch -102542a2023d53f7684c99a89fa4c592ee4ababc09bc174c52cd20f7f21b4c5878a89bae7e20c3438490666b7b0758caba5cf82c2b2965e1e58e02d5c1f4ea47 CVE-2019-17498.patch" +sha512sums="e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30 libssh2-1.10.0.tar.gz +d6d4dfcd96bfa08210ecfb94c71624e011f294bab0b88548f41caff48283c2102ff012a6a6e71a100aa1d6430c8470fc0175449f31ae4583b6f8cfa224983603 test-sshd.patch +d075765062e3ffefb90902c9644ecde17f9bb39eac8ab5759370a26206f5804cb71b8b2d9b8d3ce9989c209bc36483dbc25f894f8c0ec9081aaef1a489c048df fix-tests.patch" diff --git a/system/libssh2/CVE-2019-17498.patch b/system/libssh2/CVE-2019-17498.patch deleted file mode 100644 index a908c9974..000000000 --- a/system/libssh2/CVE-2019-17498.patch +++ /dev/null @@ -1,210 +0,0 @@ -From b9aa7c2495694d0527e4e7fd560a3f0f18556c72 Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Thu, 29 Aug 2019 15:14:19 -0700 -Subject: [PATCH 1/5] packet.c: improve parsing of packets - -file: packet.c - -notes: -Use _libssh2_get_string API in SSH_MSG_DEBUG, additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST ---- - src/packet.c | 30 +++++++++++++++--------------- - 1 file changed, 15 insertions(+), 15 deletions(-) - -diff --git a/src/packet.c b/src/packet.c -index 38ab6294..ac69768c 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -537,26 +537,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - case SSH_MSG_DEBUG: - if(datalen >= 2) { - int always_display = data[1]; -- -+ - if(datalen >= 6) { -- message_len = _libssh2_ntohu32(data + 2); -- -- if(message_len <= (datalen - 10)) { -- /* 6 = packet_type(1) + display(1) + message_len(4) */ -- message = (char *) data + 6; -- language_len = _libssh2_ntohu32(data + 6 + -- message_len); -- -- if(language_len <= (datalen - 10 - message_len)) -- language = (char *) data + 10 + message_len; -- } -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr += 2; /* advance past type & always display */ -+ -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - } - - if(session->ssh_msg_debug) { -- LIBSSH2_DEBUG(session, always_display, message, -- message_len, language, language_len); -+ LIBSSH2_DEBUG(session, always_display, -+ (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } - } -+ - /* - * _libssh2_debug will actually truncate this for us so - * that it's not an inordinate about of data -@@ -579,7 +579,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - uint32_t len = 0; - unsigned char want_reply = 0; - len = _libssh2_ntohu32(data + 1); -- if(datalen >= (6 + len)) { -+ if((len <= (UINT_MAX - 6) && (datalen >= (6 + len))) { - want_reply = data[5 + len]; - _libssh2_debug(session, - LIBSSH2_TRACE_CONN, - -From 8b3cf0b17c1b84a138bed9423a9e0743452b4de9 Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Thu, 29 Aug 2019 15:15:33 -0700 -Subject: [PATCH 2/5] stray whitespace - ---- - src/packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/packet.c b/src/packet.c -index ac69768c..8908b2c5 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -537,7 +537,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - case SSH_MSG_DEBUG: - if(datalen >= 2) { - int always_display = data[1]; -- -+ - if(datalen >= 6) { - struct string_buf buf; - buf.data = (unsigned char *)data; - -From 1c6fa92b77e34d089493fe6d3e2c6c8775858b94 Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Thu, 29 Aug 2019 15:24:22 -0700 -Subject: [PATCH 3/5] fixed type issue, updated SSH_MSG_DISCONNECT - -SSH_MSG_DISCONNECT now also uses _libssh2_get API. ---- - src/packet.c | 40 +++++++++++++++------------------------- - 1 file changed, 15 insertions(+), 25 deletions(-) - -diff --git a/src/packet.c b/src/packet.c -index 8908b2c5..97f0cdd4 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - size_t datalen, int macstate) - { - int rc = 0; -- char *message = NULL; -- char *language = NULL; -+ unsigned char *message = NULL; -+ unsigned char *language = NULL; - size_t message_len = 0; - size_t language_len = 0; - LIBSSH2_CHANNEL *channelp = NULL; -@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - - case SSH_MSG_DISCONNECT: - if(datalen >= 5) { -- size_t reason = _libssh2_ntohu32(data + 1); -+ uint32_t reason = 0; -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr++; /* advance past type */ - -- if(datalen >= 9) { -- message_len = _libssh2_ntohu32(data + 5); -+ _libssh2_get_u32(&buf, &reason); -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - -- if(message_len < datalen-13) { -- /* 9 = packet_type(1) + reason(4) + message_len(4) */ -- message = (char *) data + 9; -- -- language_len = -- _libssh2_ntohu32(data + 9 + message_len); -- language = (char *) data + 9 + message_len + 4; -- -- if(language_len > (datalen-13-message_len)) { -- /* bad input, clear info */ -- language = message = NULL; -- language_len = message_len = 0; -- } -- } -- else -- /* bad size, clear it */ -- message_len = 0; -- } - if(session->ssh_msg_disconnect) { -- LIBSSH2_DISCONNECT(session, reason, message, -- message_len, language, language_len); -+ LIBSSH2_DISCONNECT(session, reason, (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } -+ - _libssh2_debug(session, LIBSSH2_TRACE_TRANS, - "Disconnect(%d): %s(%s)", reason, - message, language); - -From 77616117cc9dbbdd0fe1157098435bff73a83a0f Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Thu, 29 Aug 2019 15:26:32 -0700 -Subject: [PATCH 4/5] fixed stray ( - -bad paste ---- - src/packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/packet.c b/src/packet.c -index 97f0cdd4..bd4c39e4 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -569,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - uint32_t len = 0; - unsigned char want_reply = 0; - len = _libssh2_ntohu32(data + 1); -- if((len <= (UINT_MAX - 6) && (datalen >= (6 + len))) { -+ if(len <= (UINT_MAX - 6) && datalen >= (6 + len)) { - want_reply = data[5 + len]; - _libssh2_debug(session, - LIBSSH2_TRACE_CONN, - -From 436c45dc143cadc8c59afac6c4255be332856581 Mon Sep 17 00:00:00 2001 -From: Will Cosgrove <will@panic.com> -Date: Thu, 29 Aug 2019 15:29:00 -0700 -Subject: [PATCH 5/5] added additional parentheses for clarity - ---- - src/packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/packet.c b/src/packet.c -index bd4c39e4..2e01bfc5 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -569,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - uint32_t len = 0; - unsigned char want_reply = 0; - len = _libssh2_ntohu32(data + 1); -- if(len <= (UINT_MAX - 6) && datalen >= (6 + len)) { -+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) { - want_reply = data[5 + len]; - _libssh2_debug(session, - LIBSSH2_TRACE_CONN, diff --git a/system/libssh2/fix-tests.patch b/system/libssh2/fix-tests.patch new file mode 100644 index 000000000..29f554991 --- /dev/null +++ b/system/libssh2/fix-tests.patch @@ -0,0 +1,11 @@ +--- libssh2-1.9.0/tests/ssh2.sh.old 2022-04-27 23:22:54.532007741 -0500 ++++ libssh2-1.9.0/tests/ssh2.sh 2022-04-27 23:34:30.501706060 -0500 +@@ -27,6 +27,8 @@ + -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ + -o 'UsePrivilegeSeparation no' \ + -o 'StrictModes no' \ ++ -o 'HostkeyAlgorithms +ssh-rsa' \ ++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ + -D \ + -e \ + $libssh2_sshd_params & diff --git a/system/libssh2/test-sshd.patch b/system/libssh2/test-sshd.patch index 6cc6d711e..5daa8ce00 100644 --- a/system/libssh2/test-sshd.patch +++ b/system/libssh2/test-sshd.patch @@ -10,7 +10,7 @@ --- libssh2-1.9.0/tests/ssh2.c 2019-03-26 08:08:54.000000000 -0500 +++ libssh2-1.9.0/tests/ssh2.c 2019-09-11 19:38:03.782403778 -0500 -@@ -143,20 +143,6 @@ int main(int argc, char *argv[]) +@@ -147,20 +147,6 @@ int main(int argc, char *argv[]) */ libssh2_channel_setenv(channel, "FOO", "bar"); |