author | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-10 10:29:43 +0100 |
---|---|---|
committer | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-10 10:30:17 +0100 |
commit | 70163d9da371acac9b3a91f6b2c6c17047421dfa (patch) | |
tree | 627224acfc525900b3e56d38609d64d37f7f19e8 /main/libssh | |
parent | 526cd2d0784cf7d2de905a228cde098c07240b18 (diff) | |
download | aports-70163d9da371acac9b3a91f6b2c6c17047421dfa.tar.bz2 aports-70163d9da371acac9b3a91f6b2c6c17047421dfa.tar.xz |
main/libssh: security fix for CVE-2014-0017
Diffstat (limited to 'main/libssh')
-rw-r--r-- | main/libssh/APKBUILD | 12 | ||||
-rw-r--r-- | main/libssh/CVE-2014-0017.patch | 67 |
2 files changed, 75 insertions, 4 deletions
diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD
index 521a5835bf..929ebe7e66 100644
--- a/main/libssh/APKBUILD
+++ b/main/libssh/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libssh
 pkgver=0.5.5
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for accessing ssh client services through C libraries"
 url="http://www.libssh.org/"
 arch="all"
@@ -13,6 +13,7 @@ subpackages="$pkgname-dev"
 source="https://red.libssh.org/attachments/download/51/libssh-$pkgver.tar.gz
 link-pthread.patch
 fix-includes.patch
+ CVE-2014-0017.patch
 "
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -46,10 +47,13 @@ package() {
 
 md5sums="bb308196756c7255c0969583d917136b libssh-0.5.5.tar.gz
 8d58b3391286de4dad3eb8a5b70171aa link-pthread.patch
-8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch"
+8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch
+2eddf36e41adf62e4094f17b64d466e0 CVE-2014-0017.patch"
 sha256sums="c0df0f05fc812dbe26fd4118bec0776aa9e892c0719590f3971130489c6b8e9d libssh-0.5.5.tar.gz
 7a57c161357cb588e37a0b2e0b6a4a42505834da00e763ffe21141ed3a899169 link-pthread.patch
-d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch"
+d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch
+0321e6d26b05b49a4dcc5ecc622061d14e17b44c823625c422a561317cdf1267 CVE-2014-0017.patch"
 sha512sums="114a8d078b9530fe37f12c769283213ceacdd8cbf0c1c3e64e09c07d38b3886bc8c9a78816562ab1bc44c55c604fcc4ed85cdb2a8203962c9331f9d10977e802 libssh-0.5.5.tar.gz
 da26f14312a0988c72663225b6412ec06b2cdda6fdfd234f167f7fe9f1371fa432cb4c5d6326048540cffa527781203019023844870fe52c1b58631d8ca45b39 link-pthread.patch
-055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch"
+055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch
+4de07b3a70458d98b871e840ee23fd460e6911705d5a6a79d97dbc312c9921481e622088a3b651a3c9341ff5168aa2726b63cb0966dbaab72a7761102b307b1e CVE-2014-0017.patch"
diff --git a/main/libssh/CVE-2014-0017.patch b/main/libssh/CVE-2014-0017.patch
new file mode 100644
index 0000000000..dd56a329d7
--- /dev/null
+++ b/main/libssh/CVE-2014-0017.patch
@@ -0,0 +1,67 @@
+diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+--- a/include/libssh/wrapper.h 2013-07-26 06:39:39.000000000 +0000
++++ b/include/libssh/wrapper.h 2014-03-09 16:38:49.807812235 +0000
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+ 
++void ssh_reseed(void);
+ 
+ #endif /* WRAPPER_H_ */
+diff -rupN a/src/bind.c b/src/bind.c
+--- a/src/bind.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/bind.c 2014-03-09 16:39:00.571080087 +0000
+@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss
+ session->dsa_key = dsa;
+ session->rsa_key = rsa;
+ 
++ ssh_reseed();
+ return SSH_OK;
+ }
+ 
+diff -rupN a/src/libcrypto.c b/src/libcrypto.c
+--- a/src/libcrypto.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libcrypto.c 2014-03-09 16:40:07.807331327 +0000
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+ 
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+ 
++void ssh_reseed(void) {
++ struct timeval tv;
++ gettimeofday(&tv, NULL);
++ RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+ SHACTX c = malloc(sizeof(*c));
+ if (c == NULL) {
+diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c
+--- a/src/libgcrypt.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libgcrypt.c 2014-03-09 16:40:51.730392881 +0000
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+ 
++void ssh_reseed(void) {
++ }
++
+ SHACTX sha1_init(void) {
+ SHACTX ctx = NULL;
+ gcry_md_open(&ctx, GCRY_MD_SHA1, 0); |
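Review bot: The libgcrypt variant of `ssh_reseed()` at the end of this patch is an empty body with no comment, so a reader cannot tell whether reseeding was judged unnecessary for that backend or left unimplemented; a comment such as `/* no reseed done for the libgcrypt build; confirm the backend diverges PRNG state across fork */` would record the assumption. In the libcrypto variant the result of `gettimeofday()` is ignored, so on failure an uninitialised `tv` is handed to `RAND_add()`; `if (gettimeofday(&tv, NULL) == 0) RAND_add(&tv, sizeof(tv), 0.0);` avoids that. The 0.0 entropy estimate is appropriate for a timestamp, and a short comment should say that the call only makes the pool state differ between accepted connections and adds no unpredictability. The reseed is reached only through `ssh_bind_accept()`, whose body starts outside the visible hunk, so a server that forks on some other path would presumably not be covered.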