diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-02-25 11:03:37 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-02-25 11:22:06 +0000 |
commit | 8fd14512598c4438817e0c3b405cfa648fc72898 (patch) | |
tree | dd9b6a426a0baefe44655a7bea7deec15b7df75e /main/libssh | |
parent | 775b25076f747d4d008d25adbc59ec3bedd69e39 (diff) | |
download | aports-8fd14512598c4438817e0c3b405cfa648fc72898.tar.bz2 aports-8fd14512598c4438817e0c3b405cfa648fc72898.tar.xz |
main/libssh: security fix (CVE-2016-0739). Fixes #5174
Diffstat (limited to 'main/libssh')
-rw-r--r-- | main/libssh/APKBUILD | 12 | ||||
-rw-r--r-- | main/libssh/CVE-2016-0739.patch | 64 |
2 files changed, 72 insertions, 4 deletions
diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD index d16291bd7a..4af3df7f96 100644 --- a/main/libssh/APKBUILD +++ b/main/libssh/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libssh pkgver=0.6.5 -pkgrel=0 +pkgrel=1 pkgdesc="Library for accessing ssh client services through C libraries" url="http://www.libssh.org/" arch="all" @@ -12,6 +12,7 @@ makedepends="openssl-dev cmake doxygen" subpackages="$pkgname-dev" source="https://red.libssh.org/attachments/download/121/libssh-$pkgver.tar.xz fix-includes.patch + CVE-2016-0739.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -44,8 +45,11 @@ package() { } md5sums="fdf107011ae1847d86620b39ae37d4f3 libssh-0.6.5.tar.xz -8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch" +8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch +c7e390faeadadbef2013026b6b0df99d CVE-2016-0739.patch" sha256sums="0fd52763e033d5e9b1cd55f60a74e619731c5ba630938eec95682dbe4cf7dc2c libssh-0.6.5.tar.xz -d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch" +d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch +7ed3eb7c5cecae5ccd2f9f319a846c0d7c00d798d289ca45d9b81473a237f183 CVE-2016-0739.patch" sha512sums="55d614ff311a29a20b93094ac1dd16a2ad1345368b874a0e385f0c235e8defde8816948ab04eab68ade477a0a6901b317c7884df1ba3078cf12db89dfc4169cc libssh-0.6.5.tar.xz -055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch" +055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch +0dc455d073e94e3bab3fed861e5acd7e57654b12bf7b6b90563bc1b99a17ebac580c8e32de2d91292185585deee3b477c1f19bb0e03a39e681b7fc730df46a88 CVE-2016-0739.patch" diff --git a/main/libssh/CVE-2016-0739.patch b/main/libssh/CVE-2016-0739.patch new file mode 100644 index 0000000000..caa39a298d --- /dev/null +++ b/main/libssh/CVE-2016-0739.patch @@ -0,0 +1,64 @@ +Description: CVE-2016-0739: Truncated Diffie-Hellman secret length +Origin: upstream, https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86 +Bug-Debian: https://bugs.debian.org/815663 +Forwarded: not-needed +Author: Aris Adamantiadis <aris@0xbadc0de.be> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2016-02-22 +Applied-Upstream: 0.7.3 + +--- + src/dh.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +--- a/src/dh.c ++++ b/src/dh.c +@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, + } + + int dh_generate_x(ssh_session session) { ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } + session->next_crypto->x = bignum_new(); + if (session->next_crypto->x == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->x, 128); ++ bignum_rand(session->next_crypto->x, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->x, 128, 0, -1); ++ bignum_rand(session->next_crypto->x, keysize, -1, 0); + #endif + + /* not harder than this */ +@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) { + + /* used by server */ + int dh_generate_y(ssh_session session) { +- session->next_crypto->y = bignum_new(); ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } ++ session->next_crypto->y = bignum_new(); + if (session->next_crypto->y == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->y, 128); ++ bignum_rand(session->next_crypto->y, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->y, 128, 0, -1); ++ bignum_rand(session->next_crypto->y, keysize, -1, 0); + #endif + + /* not harder than this */ |