ArchPOWER/packages
1
0
Fork 0
Code Issues 8 Pull Requests 1 Actions Packages Projects Releases 18 Wiki Activity

* sync libssh with main arch

Browse Source
This commit is contained in:
Alexander Baldeck 2020-08-26 21:35:34 +02:00
parent 1ef877a496
commit edb86ed2bf
3 changed files with 173 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
libssh/0001-CVE-2020-16135.patch Normal file
View File

@ -0,0 +1,165 @@
From 533d881b0f4b24c72b35ecc97fa35d295d063e53 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:04:09 +0200
Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()
Thanks to Ramin Farajpour Cami for spotting this.
Fixes T232
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Christian Hesse <mail@eworm.de>
---
src/sftpserver.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/sftpserver.c b/src/sftpserver.c
index 5a2110e5..b639a2ce 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
/* take a copy of the whole packet */
msg->complete_message = ssh_buffer_new();
+ if (msg->complete_message == NULL) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
+
ssh_buffer_add_data(msg->complete_message,
ssh_buffer_get(payload),
ssh_buffer_get_len(payload));
From 2782cb0495b7450bd8fe43ce4af886b66fea6c40 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:05:51 +0200
Subject: [PATCH 2/4] sftpserver: Add missing return check for
ssh_buffer_add_data()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Christian Hesse <mail@eworm.de>
---
src/sftpserver.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/sftpserver.c b/src/sftpserver.c
index b639a2ce..9117f155 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
return NULL;
}
- ssh_buffer_add_data(msg->complete_message,
- ssh_buffer_get(payload),
- ssh_buffer_get_len(payload));
+ rc = ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+ if (rc < 0) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
ssh_buffer_get_u32(payload, &msg->id);
From 10b3ebbe61a7031a3dae97f05834442220447181 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:10:11 +0200
Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Christian Hesse <mail@eworm.de>
---
src/buffer.c | 35 ++++++++++++++++++-----------------
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index a2e6246a..476bc135 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
*/
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
{
- buffer_verify(buffer);
+ buffer_verify(buffer);
- if (data == NULL) {
- return -1;
- }
+ if (data == NULL) {
+ return -1;
+ }
- if (buffer->used + len < len) {
- return -1;
- }
+ if (buffer->used + len < len) {
+ return -1;
+ }
- if (buffer->allocated < (buffer->used + len)) {
- if(buffer->pos > 0)
- buffer_shift(buffer);
- if (realloc_buffer(buffer, buffer->used + len) < 0) {
- return -1;
+ if (buffer->allocated < (buffer->used + len)) {
+ if (buffer->pos > 0) {
+ buffer_shift(buffer);
+ }
+ if (realloc_buffer(buffer, buffer->used + len) < 0) {
+ return -1;
+ }
}
- }
- memcpy(buffer->data+buffer->used, data, len);
- buffer->used+=len;
- buffer_verify(buffer);
- return 0;
+ memcpy(buffer->data + buffer->used, data, len);
+ buffer->used += len;
+ buffer_verify(buffer);
+ return 0;
}
/**
From 245ad744b5ab0582fef7cf3905a717b791d7e08b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:11:21 +0200
Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Christian Hesse <mail@eworm.de>
---
src/buffer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/buffer.c b/src/buffer.c
index 476bc135..ce12f491 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
*/
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
{
+ if (buffer == NULL) {
+ return -1;
+ }
+
buffer_verify(buffer);
if (data == NULL) {

11
libssh/PKGBUILD
View File

@ -8,16 +8,18 @@
pkgbase=libssh
pkgname=(libssh libssh-docs)
pkgver=0.9.4
pkgrel=1
pkgrel=2
pkgdesc="Library for accessing ssh client services through C libraries"
url="https://www.libssh.org/"
license=(LGPL)
arch=(x86_64 powerpc64le)
depends=(zlib openssl)
makedepends=(cmake cmocka doxygen python)
source=(https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.asc})
source=(https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.asc}
'0001-CVE-2020-16135.patch')
sha256sums=('150897a569852ac05aac831dc417a7ba8e610c86ca2e0154a99c6ade2486226b'
'SKIP')
'SKIP'
'5668b4fa30cea2fb998e7e8084639ac4d6a76972778ba24d477f6aa79cd84ec8')
validpgpkeys=('8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D') # Andreas Schneider <asn@cryptomilk.org>
prepare() {
@ -27,6 +29,9 @@ prepare() {
sed 's/cmocka_unit_test(torture_path_expand_tilde_unix),//' -i libssh-${pkgver}/tests/unittests/torture_misc.c
mkdir -p build
cd "$srcdir/$pkgname-$pkgver"
patch -Np1 < ../0001-CVE-2020-16135.patch
}
build() {

59
libssh/trunk/PKGBUILD
View File

@ -1,59 +0,0 @@
# Maintainer: Antonio Rojas <arojas@archlinux.org>
# Contributor: Tom Gundersen <teg@jklm.no>
# Contributor: Andrea Scarpino <andrea@archlinux.org>
# Contributor: ice-man <icemanf@gmail.com>
# Contributor: sergeantspoon <sergeantspoon@archlinux.us>
pkgbase=libssh
pkgname=(libssh libssh-docs)
pkgver=0.8.6
pkgrel=1
pkgdesc="Library for accessing ssh client services through C libraries"
url="https://www.libssh.org/"
license=(LGPL)
arch=(x86_64)
depends=(zlib openssl)
makedepends=(cmake cmocka doxygen python)
source=(https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.asc})
sha256sums=('1046b95632a07fc00b1ea70ee683072d0c8a23f544f4535440b727812002fd01'
'SKIP')
validpgpkeys=('8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D') # Andreas Schneider <asn@cryptomilk.org>
prepare() {
# disable the test. It is confused by our clean container setup.
# 'extra-x86-build' uses user 'nobody' that has a record in /etc/passwd file
# but $HOME envvar is set to '/build'. The test expects that $HOME corresponds to passwd file.
sed 's/cmocka_unit_test(torture_path_expand_tilde_unix),//' -i libssh-${pkgver}/tests/unittests/torture_misc.c
mkdir -p build
}
build() {
cd build
cmake ../$pkgname-$pkgver \
-DCMAKE_INSTALL_PREFIX=/usr \
-DWITH_GSSAPI=OFF \
-DUNIT_TESTING=ON
make
make docs
}
check() {
cd build
make test
}
package_libssh() {
cd build
make DESTDIR="$pkgdir" install
}
package_libssh-docs() {
pkgdesc="Documentation for libssh"
depends=()
mkdir -p "$pkgdir"/usr/share/doc/libssh
cp -r build/doc/html "$pkgdir"/usr/share/doc/libssh
# cp -r build/doc/man "$pkgdir"/usr/share
# rm "$pkgdir"/usr/share/man/man3/{bug,deprecated}.*
}