aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2016-02-25 11:09:18 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-02-26 13:02:56 +0000
commit688a2e4d988804f9f34688392292719f005228b5 (patch)
treed7ba197006dda4193d2fa0828781560977d41529
parentb06eb65c2514f30d61c14b70fe796163e1c5c86d (diff)
downloadaports-688a2e4d988804f9f34688392292719f005228b5.tar.bz2
aports-688a2e4d988804f9f34688392292719f005228b5.tar.xz
main/libssh2: security fix (CVE-2016-0787). Fixes #5182
(cherry picked from commit 3bf1d9071528d84001ffc0f7565000af2c20023b)
-rw-r--r--main/libssh2/APKBUILD13
-rw-r--r--main/libssh2/CVE-2016-0787.patch21
2 files changed, 31 insertions, 3 deletions
diff --git a/main/libssh2/APKBUILD b/main/libssh2/APKBUILD
index bbe3d29a78..e01c0de012 100644
--- a/main/libssh2/APKBUILD
+++ b/main/libssh2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libssh2
pkgver=1.4.3
-pkgrel=0
+pkgrel=1
pkgdesc="library for accessing ssh1/ssh2 protocol servers"
url="http://libssh2.org/"
arch="all"
@@ -12,7 +12,9 @@ depends_dev="openssl-dev zlib-dev"
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz"
+source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz
+ CVE-2016-0787.patch
+ "
_builddir="$srcdir"/libssh2-$pkgver
prepare() {
@@ -46,4 +48,9 @@ package() {
rm -f "$pkgdir"/usr/lib/*.la
}
-md5sums="071004c60c5d6f90354ad1b701013a0b libssh2-1.4.3.tar.gz"
+md5sums="071004c60c5d6f90354ad1b701013a0b libssh2-1.4.3.tar.gz
+6f9fdb632b8946a33a9ab22d3de8afce CVE-2016-0787.patch"
+sha256sums="eac6f85f9df9db2e6386906a6227eb2cd7b3245739561cad7d6dc1d5d021b96d libssh2-1.4.3.tar.gz
+dd8a847a1ecf2df6b968273c97ea96aeb9393c51d9cb7597b04df4b930bf57d5 CVE-2016-0787.patch"
+sha512sums="707e0634b74fcf0f5ae4e46d9807907db7cd09328d553a67c49e9e11d852ae85843a7dcbe3f002e639eb2704e53e865c640c8fe85dcada330d0160708e8b5177 libssh2-1.4.3.tar.gz
+b94362a9cc29e9d74bc1a2dddf12e61346d33868c6e3667647d676772ee29c10404f07310de9c2a072af0258b0428b313a0a9987b823ad1eb0cc1f4bf97102af CVE-2016-0787.patch"
diff --git a/main/libssh2/CVE-2016-0787.patch b/main/libssh2/CVE-2016-0787.patch
new file mode 100644
index 0000000000..883f0c2d08
--- /dev/null
+++ b/main/libssh2/CVE-2016-0787.patch
@@ -0,0 +1,21 @@
+Description: CVE-2016-0787: Truncated Difffie-Hellman secret length
+ Convert bytes to bits in diffie_hellman_sha1. Otherwise we get far too
+ small numbers.
+Origin: backport, http://www.libssh2.org/CVE-2016-0787.patch
+Forwarded: not-needed
+Author: Daniel Stenberg <daniel@haxx.se>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-02-18
+Applied-Upstream: 1.7.0
+---
+
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S
+ memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+ /* Generate x and e */
+- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+ _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+ exchange_state->ctx);