rpms
/
libssh2
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.8.0

Browse Source 
- New upstream release 1.8.0
  - Added a basic dockerised test suite
  - crypto: Add support for the mbedTLS backend
  - See RELEASE-NOTES for details of bug fixes
epel9
Paul Howarth 8 years ago
parent 29e2533fad
commit a9c954ed4c
4 changed files with 10 additions and 391 deletions
Show Stats Download Patch File Download Diff File

30
CVE-2016-0787.patch
Unescape View File

@ -1,30 +0,0 @@
From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 11 Feb 2016 13:52:20 +0100
Subject: [PATCH] diffie_hellman_sha1: convert bytes to bits
As otherwise we get far too small numbers.
CVE-2016-0787
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/kex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kex.c b/src/kex.c
index 6349457..e89b36c 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */
- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
exchange_state->ctx);
--
2.7.0

38
libssh2-1.7.0-openssl11-memleak.patch
Unescape View File

@ -1,38 +0,0 @@
From c43eb3bae2b63affe5b16bfdab028a65cdc055db Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 20 Oct 2016 17:22:31 +0200
Subject: [PATCH] Revert "aes: the init function fails when OpenSSL has AES
support"
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
because it caused the compatibility code to call initialization routines
redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
test-suite in Fedora:
88 bytes in 1 blocks are definitely lost in loss record 5 of 8
at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
by 0x72C607D: CRYPTO_zalloc (mem.c:100)
by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
by 0x4E5BB5A: libssh2_init (global.c:49)
---
src/openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openssl.c b/src/openssl.c
index a31e2dd..4f63ef9 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -265,7 +265,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
return ret == 1 ? 0 : 1;
}
-#if LIBSSH2_AES_CTR
+#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
#include <openssl/aes.h>
#include <openssl/evp.h>
--
2.7.4

304
libssh2-1.7.0-openssl11.patch
Unescape View File

@ -1,304 +0,0 @@
commit 64ebfd8182a9b6e637e65c3059e3798e199274b3
Author: Taylor Holberton <taylorcholberton@gmail.com>
Date: Mon Sep 5 06:28:51 2016 -0400
openssl: add OpenSSL 1.1.0 compatibility
diff --git a/src/openssl.c b/src/openssl.c
index b0c695d..a31e2dd 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -66,33 +66,63 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
unsigned long e2len,
const unsigned char *coeffdata, unsigned long coefflen)
{
- *rsa = RSA_new();
+ BIGNUM * e;
+ BIGNUM * n;
+ BIGNUM * d = 0;
+ BIGNUM * p = 0;
+ BIGNUM * q = 0;
+ BIGNUM * dmp1 = 0;
+ BIGNUM * dmq1 = 0;
+ BIGNUM * iqmp = 0;
- (*rsa)->e = BN_new();
- BN_bin2bn(edata, elen, (*rsa)->e);
+ e = BN_new();
+ BN_bin2bn(edata, elen, e);
- (*rsa)->n = BN_new();
- BN_bin2bn(ndata, nlen, (*rsa)->n);
+ n = BN_new();
+ BN_bin2bn(ndata, nlen, n);
if (ddata) {
- (*rsa)->d = BN_new();
- BN_bin2bn(ddata, dlen, (*rsa)->d);
+ d = BN_new();
+ BN_bin2bn(ddata, dlen, d);
- (*rsa)->p = BN_new();
- BN_bin2bn(pdata, plen, (*rsa)->p);
+ p = BN_new();
+ BN_bin2bn(pdata, plen, p);
- (*rsa)->q = BN_new();
- BN_bin2bn(qdata, qlen, (*rsa)->q);
+ q = BN_new();
+ BN_bin2bn(qdata, qlen, q);
- (*rsa)->dmp1 = BN_new();
- BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
+ dmp1 = BN_new();
+ BN_bin2bn(e1data, e1len, dmp1);
- (*rsa)->dmq1 = BN_new();
- BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
+ dmq1 = BN_new();
+ BN_bin2bn(e2data, e2len, dmq1);
- (*rsa)->iqmp = BN_new();
- BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
+ iqmp = BN_new();
+ BN_bin2bn(coeffdata, coefflen, iqmp);
}
+
+ *rsa = RSA_new();
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_key(*rsa, n, e, d);
+#else
+ (*rsa)->e = e;
+ (*rsa)->n = n;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_factors(*rsa, p, q);
+#else
+ (*rsa)->p = p;
+ (*rsa)->q = q;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
+#else
+ (*rsa)->dmp1 = dmp1;
+ (*rsa)->dmq1 = dmq1;
+ (*rsa)->iqmp = iqmp;
+#endif
return 0;
}
@@ -125,25 +155,45 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
unsigned long y_len,
const unsigned char *x, unsigned long x_len)
{
- *dsactx = DSA_new();
+ BIGNUM * p_bn;
+ BIGNUM * q_bn;
+ BIGNUM * g_bn;
+ BIGNUM * pub_key;
+ BIGNUM * priv_key = NULL;
- (*dsactx)->p = BN_new();
- BN_bin2bn(p, p_len, (*dsactx)->p);
+ p_bn = BN_new();
+ BN_bin2bn(p, p_len, p_bn);
- (*dsactx)->q = BN_new();
- BN_bin2bn(q, q_len, (*dsactx)->q);
+ q_bn = BN_new();
+ BN_bin2bn(q, q_len, q_bn);
- (*dsactx)->g = BN_new();
- BN_bin2bn(g, g_len, (*dsactx)->g);
+ g_bn = BN_new();
+ BN_bin2bn(g, g_len, g_bn);
- (*dsactx)->pub_key = BN_new();
- BN_bin2bn(y, y_len, (*dsactx)->pub_key);
+ pub_key = BN_new();
+ BN_bin2bn(y, y_len, pub_key);
if (x_len) {
- (*dsactx)->priv_key = BN_new();
- BN_bin2bn(x, x_len, (*dsactx)->priv_key);
+ priv_key = BN_new();
+ BN_bin2bn(x, x_len, priv_key);
}
+ *dsactx = DSA_new();
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_set0_pqg(*dsactx, p_bn, q_bn, g_bn);
+#else
+ (*dsactx)->p = p_bn;
+ (*dsactx)->g = g_bn;
+ (*dsactx)->q = q_bn;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_set0_key(*dsactx, pub_key, priv_key);
+#else
+ (*dsactx)->pub_key = pub_key;
+ (*dsactx)->priv_key = priv_key;
+#endif
return 0;
}
@@ -153,20 +203,28 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
const unsigned char *m, unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
- DSA_SIG dsasig;
+ DSA_SIG * dsasig;
+ BIGNUM * r;
+ BIGNUM * s;
int ret = -1;
- dsasig.r = BN_new();
- BN_bin2bn(sig, 20, dsasig.r);
- dsasig.s = BN_new();
- BN_bin2bn(sig + 20, 20, dsasig.s);
+ r = BN_new();
+ BN_bin2bn(sig, 20, r);
+ s = BN_new();
+ BN_bin2bn(sig + 20, 20, s);
+ dsasig = DSA_SIG_new();
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_SIG_set0(dsasig, r, s);
+#else
+ dsasig->r = r;
+ dsasig->s = s;
+#endif
if (!_libssh2_sha1(m, m_len, hash))
/* _libssh2_sha1() succeeded */
- ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
+ ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
- BN_clear_free(dsasig.s);
- BN_clear_free(dsasig.r);
+ DSA_SIG_free(dsasig);
return (ret == 1) ? 0 : -1;
}
@@ -586,6 +644,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
+ const BIGNUM * r;
+ const BIGNUM * s;
int r_len, s_len;
(void) hash_len;
@@ -594,12 +654,18 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
return -1;
}
- r_len = BN_num_bytes(sig->r);
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_SIG_get0(sig, &r, &s);
+#else
+ r = sig->r;
+ s = sig->s;
+#endif
+ r_len = BN_num_bytes(r);
if (r_len < 1 || r_len > 20) {
DSA_SIG_free(sig);
return -1;
}
- s_len = BN_num_bytes(sig->s);
+ s_len = BN_num_bytes(s);
if (s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
@@ -607,8 +673,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
memset(signature, 0, 40);
- BN_bn2bin(sig->r, signature + (20 - r_len));
- BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
+ BN_bn2bin(r, signature + (20 - r_len));
+ BN_bn2bin(s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
@@ -768,9 +834,16 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
unsigned long len;
unsigned char* key;
unsigned char* p;
-
- e_bytes = BN_num_bytes(rsa->e) + 1;
- n_bytes = BN_num_bytes(rsa->n) + 1;
+ const BIGNUM * e;
+ const BIGNUM * n;
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_get0_key(rsa, &n, &e, NULL);
+#else
+ e = rsa->e;
+ n = rsa->n;
+#endif
+ e_bytes = BN_num_bytes(e) + 1;
+ n_bytes = BN_num_bytes(n) + 1;
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
@@ -788,8 +861,8 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
memcpy(p, "ssh-rsa", 7);
p += 7;
- p = write_bn(p, rsa->e, e_bytes);
- p = write_bn(p, rsa->n, n_bytes);
+ p = write_bn(p, e, e_bytes);
+ p = write_bn(p, n, n_bytes);
*key_len = (size_t)(p - key);
return key;
@@ -805,10 +878,27 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
unsigned char* key;
unsigned char* p;
- p_bytes = BN_num_bytes(dsa->p) + 1;
- q_bytes = BN_num_bytes(dsa->q) + 1;
- g_bytes = BN_num_bytes(dsa->g) + 1;
- k_bytes = BN_num_bytes(dsa->pub_key) + 1;
+ const BIGNUM * p_bn;
+ const BIGNUM * q;
+ const BIGNUM * g;
+ const BIGNUM * pub_key;
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_get0_pqg(dsa, &p_bn, &q, &g);
+#else
+ p_bn = dsa->p;
+ q = dsa->q;
+ g = dsa->g;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_get0_key(dsa, &pub_key, NULL);
+#else
+ pub_key = dsa->pub_key;
+#endif
+ p_bytes = BN_num_bytes(p_bn) + 1;
+ q_bytes = BN_num_bytes(q) + 1;
+ g_bytes = BN_num_bytes(g) + 1;
+ k_bytes = BN_num_bytes(pub_key) + 1;
/* Key form is "ssh-dss" + p + q + g + pub_key. */
len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
@@ -826,10 +916,10 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
memcpy(p, "ssh-dss", 7);
p += 7;
- p = write_bn(p, dsa->p, p_bytes);
- p = write_bn(p, dsa->q, q_bytes);
- p = write_bn(p, dsa->g, g_bytes);
- p = write_bn(p, dsa->pub_key, k_bytes);
+ p = write_bn(p, p_bn, p_bytes);
+ p = write_bn(p, q, q_bytes);
+ p = write_bn(p, g, g_bytes);
+ p = write_bn(p, pub_key, k_bytes);
*key_len = (size_t)(p - key);
return key;

29
libssh2.spec
Unescape View File

@ -11,16 +11,13 @@
%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} %{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
Name: libssh2 Name: libssh2
Version: 1.7.0 Version: 1.8.0
Release: 7%{?dist} Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol Summary: A library implementing the SSH2 protocol
Group: System Environment/Libraries Group: System Environment/Libraries
License: BSD License: BSD
URL: http://www.libssh2.org/ URL: http://www.libssh2.org/
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
Patch2: CVE-2016-0787.patch
Patch3: libssh2-1.7.0-openssl11.patch
Patch4: libssh2-1.7.0-openssl11-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: coreutils BuildRequires: coreutils
@ -77,15 +74,6 @@ developing applications that use libssh2.
# between 32-bit and 64-bit builds running on a single build-host # between 32-bit and 64-bit builds running on a single build-host
sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh}
# diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
%patch2 -p1
# Build with OpenSSL 1.1.0 from upstream git
%patch3 -p1
# make curl test-suite work again with valgrind enabled
%patch4 -p1
# Make sshd transition appropriately if building in an SELinux environment # Make sshd transition appropriately if building in an SELinux environment
%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
@ -97,9 +85,6 @@ chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} |
%configure --disable-silent-rules --disable-static --enable-shared %configure --disable-silent-rules --disable-static --enable-shared
make %{?_smp_mflags} make %{?_smp_mflags}
# Avoid polluting libssh2.pc with linker options (#947813)
sed -i -e 's|[[:space:]]-Wl,[^[:space:]]*||' libssh2.pc
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p" make install DESTDIR=%{buildroot} INSTALL="install -p"
@ -160,11 +145,17 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libssh2.pc %{_libdir}/pkgconfig/libssh2.pc
%changelog %changelog
* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1
- Update to 1.8.0
- Added a basic dockerised test suite
- crypto: Add support for the mbedTLS backend
- See RELEASE-NOTES for details of bug fixes
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7 * Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7
- make curl test-suite work again with valgrind enabled - Make curl test-suite work again with valgrind enabled
* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6 * Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6
- rebuild with OpenSSL 1.1.0 - Rebuild with OpenSSL 1.1.0
* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5 * Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5
- Revert parts of previous change that broke EL-5 compatibility - Revert parts of previous change that broke EL-5 compatibility

Write Preview
Loading…
Cancel
Save