libssh: bump to 0.7.6 CVE-2018-10933 fix
Bump from 0.7.5 to 0.7.6. Upstream changelog: Fixed CVE-2018-10933 Added support for OpenSSL 1.1 Added SHA256 support for ssh_get_publickey_hash() Fixed config parsing Fixed random memory corruption when importing pubkeys Backported upstream patches since 0.7.6 to fix interactive authentication issues amongst other things: 9d5cf209 libcrypto: Fix memory leak in evp_final() 10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) 7ad80ba1 server: Fix compile error acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint 3fe7510b messages: Check that the requested service is 'ssh-connection' 734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive) e4c6d591 packet: Add missing break in ssh_packet_incoming_filter() f81ca616 misc: Add strndup implementation if not provides by the OS Refresh patches. Remove local backport for OpenSSL 1.1 support as is now in release Remove PKG_INSTALL & CMAKE vars that are defaulted anyway Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking Remove BROKEN tag as is no longer broken Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This commit is contained in:
parent
29eac13d8f
commit
72096874d0
|
@ -11,17 +11,18 @@ PKG_LICENSE:=LGPL-2.1+ BSD-2-Clause
|
|||
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
|
||||
|
||||
PKG_NAME:=libssh
|
||||
PKG_VERSION:=0.7.5
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=0.7.6
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=https://red.libssh.org/attachments/download/218/
|
||||
PKG_HASH:=54e86dd5dc20e5367e58f3caab337ce37675f863f80df85b6b1614966a337095
|
||||
PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/
|
||||
PKG_HASH:=1d607d3859274f755942324afb0f887ee22edd157f9596a2e69e3a28ec6d1092
|
||||
|
||||
PKG_CPE_ID:=cpe:/a:libssh:libssh
|
||||
|
||||
CMAKE_INSTALL:=1
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_INSTALL:=1
|
||||
PKG_USE_MIPS16:=0
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
@ -32,7 +33,7 @@ define Package/libssh
|
|||
CATEGORY:=Libraries
|
||||
URL:=$(PKG_SOURCE_URL)
|
||||
TITLE:=SSH library
|
||||
DEPENDS:=+libpthread +librt +zlib +libopenssl @BROKEN
|
||||
DEPENDS:=+libpthread +librt +zlib +libopenssl
|
||||
endef
|
||||
|
||||
define Package/libssh/description
|
||||
|
@ -41,8 +42,6 @@ define Package/libssh/description
|
|||
endef
|
||||
|
||||
CMAKE_OPTIONS = \
|
||||
-DCMAKE_INSTALL_PREFIX:PATH=/usr \
|
||||
-DCMAKE_BUILD_TYPE:STRING=Release \
|
||||
-DHAVE_STRTOULL=1 \
|
||||
-DHAVE_GETADDRINFO=1 \
|
||||
-DHAVE_TERMIOS_H=1 \
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
From f81ca6161223e3566ce78a427571235fb6848fe9 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 29 Aug 2018 18:41:15 +0200
|
||||
Subject: [PATCH 1/8] misc: Add strndup implementation if not provides by the
|
||||
OS
|
||||
|
||||
Fixes T112
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
ConfigureChecks.cmake | 1 +
|
||||
config.h.cmake | 3 +++
|
||||
include/libssh/priv.h | 4 ++++
|
||||
src/misc.c | 21 +++++++++++++++++++++
|
||||
4 files changed, 29 insertions(+)
|
||||
|
||||
--- a/ConfigureChecks.cmake
|
||||
+++ b/ConfigureChecks.cmake
|
||||
@@ -115,6 +115,7 @@ endif (NOT WITH_GCRYPT)
|
||||
|
||||
check_function_exists(isblank HAVE_ISBLANK)
|
||||
check_function_exists(strncpy HAVE_STRNCPY)
|
||||
+check_function_exists(strndup HAVE_STRNDUP)
|
||||
check_function_exists(strtoull HAVE_STRTOULL)
|
||||
|
||||
if (NOT WIN32)
|
||||
--- a/config.h.cmake
|
||||
+++ b/config.h.cmake
|
||||
@@ -103,6 +103,9 @@
|
||||
/* Define to 1 if you have the `strncpy' function. */
|
||||
#cmakedefine HAVE_STRNCPY 1
|
||||
|
||||
+/* Define to 1 if you have the `strndup' function. */
|
||||
+#cmakedefine HAVE_STRNDUP 1
|
||||
+
|
||||
/* Define to 1 if you have the `cfmakeraw' function. */
|
||||
#cmakedefine HAVE_CFMAKERAW 1
|
||||
|
||||
--- a/include/libssh/priv.h
|
||||
+++ b/include/libssh/priv.h
|
||||
@@ -43,6 +43,10 @@
|
||||
# endif
|
||||
#endif /* !defined(HAVE_STRTOULL) */
|
||||
|
||||
+#if !defined(HAVE_STRNDUP)
|
||||
+char *strndup(const char *s, size_t n);
|
||||
+#endif /* ! HAVE_STRNDUP */
|
||||
+
|
||||
#ifdef HAVE_BYTESWAP_H
|
||||
#include <byteswap.h>
|
||||
#endif
|
||||
--- a/src/misc.c
|
||||
+++ b/src/misc.c
|
||||
@@ -1028,6 +1028,27 @@ int ssh_match_group(const char *group, c
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#if !defined(HAVE_STRNDUP)
|
||||
+char *strndup(const char *s, size_t n)
|
||||
+{
|
||||
+ char *x = NULL;
|
||||
+
|
||||
+ if (n + 1 < n) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ x = malloc(n + 1);
|
||||
+ if (x == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ memcpy(x, s, n);
|
||||
+ x[n] = '\0';
|
||||
+
|
||||
+ return x;
|
||||
+}
|
||||
+#endif /* ! HAVE_STRNDUP */
|
||||
+
|
||||
/** @} */
|
||||
|
||||
/* vim: set ts=4 sw=4 et cindent: */
|
|
@ -0,0 +1,24 @@
|
|||
From e4c6d591df6a9c34c1ff3ec9f367c7257122bef3 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 17 Oct 2018 07:23:10 +0200
|
||||
Subject: [PATCH 2/8] packet: Add missing break in ssh_packet_incoming_filter()
|
||||
|
||||
CID 1396239
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/packet.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/src/packet.c
|
||||
+++ b/src/packet.c
|
||||
@@ -285,6 +285,7 @@ static enum ssh_packet_filter_result_e s
|
||||
(session->dh_handshake_state != DH_STATE_FINISHED))
|
||||
{
|
||||
rc = SSH_PACKET_DENIED;
|
||||
+ break;
|
||||
}
|
||||
|
||||
rc = SSH_PACKET_ALLOWED;
|
|
@ -0,0 +1,24 @@
|
|||
From 734e3ce6747a5ed120b93a1ff253b3fde5f20024 Mon Sep 17 00:00:00 2001
|
||||
From: Meng Tan <mtan@wallix.com>
|
||||
Date: Wed, 17 Oct 2018 14:50:08 +0200
|
||||
Subject: [PATCH 3/8] server: Set correct state after sending INFO_REQUEST (Kbd
|
||||
Interactive)
|
||||
|
||||
Signed-off-by: Meng Tan <mtan@wallix.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/server.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -976,6 +976,7 @@ int ssh_message_auth_interactive_request
|
||||
msg->session->kbdint->prompts = NULL;
|
||||
msg->session->kbdint->echo = NULL;
|
||||
}
|
||||
+ msg->session->auth.state = SSH_AUTH_STATE_INFO;
|
||||
|
||||
return rc;
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
From 3fe7510b261098e3937ab5417935916a46e6727b Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Fri, 19 Oct 2018 11:40:44 +0200
|
||||
Subject: [PATCH 4/8] messages: Check that the requested service is
|
||||
'ssh-connection'
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/messages.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
--- a/src/messages.c
|
||||
+++ b/src/messages.c
|
||||
@@ -649,6 +649,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
|
||||
ssh_message msg = NULL;
|
||||
char *service = NULL;
|
||||
char *method = NULL;
|
||||
+ int cmp;
|
||||
int rc;
|
||||
|
||||
(void)user;
|
||||
@@ -675,6 +676,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
|
||||
service, method,
|
||||
msg->auth_request.username);
|
||||
|
||||
+ cmp = strcmp(service, "ssh-connection");
|
||||
+ if (cmp != 0) {
|
||||
+ SSH_LOG(SSH_LOG_WARNING,
|
||||
+ "Invalid service request: %s",
|
||||
+ service);
|
||||
+ goto end;
|
||||
+ }
|
||||
|
||||
if (strcmp(method, "none") == 0) {
|
||||
msg->auth_request.method = SSH_AUTH_METHOD_NONE;
|
|
@ -0,0 +1,72 @@
|
|||
From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 17 Oct 2018 17:32:54 +0200
|
||||
Subject: [PATCH 5/8] examples: Explicitly track auth state in
|
||||
samplesshd-kbdint
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
examples/samplesshd-kbdint.c | 20 ++++++++++++++++----
|
||||
1 file changed, 16 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/examples/samplesshd-kbdint.c
|
||||
+++ b/examples/samplesshd-kbdint.c
|
||||
@@ -23,6 +23,7 @@ clients must be made or how a client sho
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
+#include <stdbool.h>
|
||||
|
||||
#define SSHD_USER "libssh"
|
||||
#define SSHD_PASSWORD "libssh"
|
||||
@@ -36,6 +37,7 @@ clients must be made or how a client sho
|
||||
#endif
|
||||
|
||||
static int port = 22;
|
||||
+static bool authenticated = false;
|
||||
|
||||
#ifdef WITH_PCAP
|
||||
static const char *pcap_file = "debug.server.pcap";
|
||||
@@ -61,11 +63,20 @@ static void cleanup_pcap(void) {
|
||||
#endif
|
||||
|
||||
|
||||
-static int auth_password(const char *user, const char *password){
|
||||
- if(strcmp(user, SSHD_USER))
|
||||
+static int auth_password(const char *user, const char *password)
|
||||
+{
|
||||
+ int cmp;
|
||||
+
|
||||
+ cmp = strcmp(user, SSHD_USER);
|
||||
+ if (cmp != 0) {
|
||||
return 0;
|
||||
- if(strcmp(password, SSHD_PASSWORD))
|
||||
+ }
|
||||
+ cmp = strcmp(password, SSHD_PASSWORD);
|
||||
+ if (cmp != 0) {
|
||||
return 0;
|
||||
+ }
|
||||
+
|
||||
+ authenticated = true;
|
||||
return 1; // authenticated
|
||||
}
|
||||
#ifdef HAVE_ARGP_H
|
||||
@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ authenticated = true;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -328,7 +340,7 @@ int main(int argc, char **argv){
|
||||
|
||||
/* proceed to authentication */
|
||||
auth = authenticate(session);
|
||||
- if(!auth){
|
||||
+ if (!auth || !authenticated) {
|
||||
printf("Authentication error: %s\n", ssh_get_error(session));
|
||||
ssh_disconnect(session);
|
||||
return 1;
|
|
@ -0,0 +1,22 @@
|
|||
From 7ad80ba1cc48f7af1f192692d100a6255d97b843 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 24 Oct 2018 19:57:17 +0200
|
||||
Subject: [PATCH 6/8] server: Fix compile error
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/server.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -976,7 +976,7 @@ int ssh_message_auth_interactive_request
|
||||
msg->session->kbdint->prompts = NULL;
|
||||
msg->session->kbdint->echo = NULL;
|
||||
}
|
||||
- msg->session->auth.state = SSH_AUTH_STATE_INFO;
|
||||
+ msg->session->auth_state = SSH_AUTH_STATE_INFO;
|
||||
|
||||
return rc;
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
From 103973215443f6e02e010114a3f7ac19eb6f3c8c Mon Sep 17 00:00:00 2001
|
||||
From: Meng Tan <mtan@wallix.com>
|
||||
Date: Thu, 25 Oct 2018 17:06:06 +0200
|
||||
Subject: [PATCH 7/8] gssapi: Set correct state after sending GSSAPI_RESPONSE
|
||||
(select mechanism OID)
|
||||
|
||||
Signed-off-by: Meng Tan <mtan@wallix.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/gssapi.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/src/gssapi.c
|
||||
+++ b/src/gssapi.c
|
||||
@@ -120,6 +120,7 @@ static int ssh_gssapi_send_response(ssh_
|
||||
ssh_set_error_oom(session);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
+ session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN;
|
||||
|
||||
packet_send(session);
|
||||
SSH_LOG(SSH_LOG_PACKET,
|
|
@ -0,0 +1,24 @@
|
|||
From 9d5cf209df4c260546e1468cc15fbbbfba3097c6 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Sat, 27 Oct 2018 22:15:56 +0200
|
||||
Subject: [PATCH 8/8] libcrypto: Fix memory leak in evp_final()
|
||||
|
||||
Fixes T116
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b)
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/libcrypto.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/src/libcrypto.c
|
||||
+++ b/src/libcrypto.c
|
||||
@@ -165,6 +165,7 @@ void evp_update(EVPCTX ctx, const void *
|
||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
|
||||
{
|
||||
EVP_DigestFinal(ctx, md, mdlen);
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
}
|
||||
#endif
|
||||
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
set(PACKAGE ${APPLICATION_NAME})
|
||||
set(VERSION ${APPLICATION_VERSION})
|
||||
@@ -270,6 +269,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
@@ -272,6 +271,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
|
||||
# ENDIAN
|
||||
|
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue