summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CVE-2016-0787.patch30
-rw-r--r--libssh2-1.7.0-openssl11-memleak.patch38
-rw-r--r--libssh2-1.7.0-openssl11.patch304
-rw-r--r--libssh2.spec29
4 files changed, 10 insertions, 391 deletions
diff --git a/CVE-2016-0787.patch b/CVE-2016-0787.patch
deleted file mode 100644
index 8827c5d..0000000
--- a/CVE-2016-0787.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 11 Feb 2016 13:52:20 +0100
-Subject: [PATCH] diffie_hellman_sha1: convert bytes to bits
-
-As otherwise we get far too small numbers.
-
-CVE-2016-0787
-
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- src/kex.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/kex.c b/src/kex.c
-index 6349457..e89b36c 100644
---- a/src/kex.c
-+++ b/src/kex.c
-@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
- memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
-
- /* Generate x and e */
-- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
-+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
- _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
- exchange_state->ctx);
-
---
-2.7.0
-
diff --git a/libssh2-1.7.0-openssl11-memleak.patch b/libssh2-1.7.0-openssl11-memleak.patch
deleted file mode 100644
index 94f88c0..0000000
--- a/libssh2-1.7.0-openssl11-memleak.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c43eb3bae2b63affe5b16bfdab028a65cdc055db Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Thu, 20 Oct 2016 17:22:31 +0200
-Subject: [PATCH] Revert "aes: the init function fails when OpenSSL has AES
- support"
-
-This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
-because it caused the compatibility code to call initialization routines
-redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
-test-suite in Fedora:
-
-88 bytes in 1 blocks are definitely lost in loss record 5 of 8
- at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
- by 0x72C607D: CRYPTO_zalloc (mem.c:100)
- by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
- by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
- by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
- by 0x4E5BB5A: libssh2_init (global.c:49)
----
- src/openssl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/openssl.c b/src/openssl.c
-index a31e2dd..4f63ef9 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -265,7 +265,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
- return ret == 1 ? 0 : 1;
- }
-
--#if LIBSSH2_AES_CTR
-+#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
-
- #include <openssl/aes.h>
- #include <openssl/evp.h>
---
-2.7.4
-
diff --git a/libssh2-1.7.0-openssl11.patch b/libssh2-1.7.0-openssl11.patch
deleted file mode 100644
index bb32c3d..0000000
--- a/libssh2-1.7.0-openssl11.patch
+++ /dev/null
@@ -1,304 +0,0 @@
-commit 64ebfd8182a9b6e637e65c3059e3798e199274b3
-Author: Taylor Holberton <taylorcholberton@gmail.com>
-Date: Mon Sep 5 06:28:51 2016 -0400
-
- openssl: add OpenSSL 1.1.0 compatibility
-
-diff --git a/src/openssl.c b/src/openssl.c
-index b0c695d..a31e2dd 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -66,33 +66,63 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
- unsigned long e2len,
- const unsigned char *coeffdata, unsigned long coefflen)
- {
-- *rsa = RSA_new();
-+ BIGNUM * e;
-+ BIGNUM * n;
-+ BIGNUM * d = 0;
-+ BIGNUM * p = 0;
-+ BIGNUM * q = 0;
-+ BIGNUM * dmp1 = 0;
-+ BIGNUM * dmq1 = 0;
-+ BIGNUM * iqmp = 0;
-
-- (*rsa)->e = BN_new();
-- BN_bin2bn(edata, elen, (*rsa)->e);
-+ e = BN_new();
-+ BN_bin2bn(edata, elen, e);
-
-- (*rsa)->n = BN_new();
-- BN_bin2bn(ndata, nlen, (*rsa)->n);
-+ n = BN_new();
-+ BN_bin2bn(ndata, nlen, n);
-
- if (ddata) {
-- (*rsa)->d = BN_new();
-- BN_bin2bn(ddata, dlen, (*rsa)->d);
-+ d = BN_new();
-+ BN_bin2bn(ddata, dlen, d);
-
-- (*rsa)->p = BN_new();
-- BN_bin2bn(pdata, plen, (*rsa)->p);
-+ p = BN_new();
-+ BN_bin2bn(pdata, plen, p);
-
-- (*rsa)->q = BN_new();
-- BN_bin2bn(qdata, qlen, (*rsa)->q);
-+ q = BN_new();
-+ BN_bin2bn(qdata, qlen, q);
-
-- (*rsa)->dmp1 = BN_new();
-- BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
-+ dmp1 = BN_new();
-+ BN_bin2bn(e1data, e1len, dmp1);
-
-- (*rsa)->dmq1 = BN_new();
-- BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
-+ dmq1 = BN_new();
-+ BN_bin2bn(e2data, e2len, dmq1);
-
-- (*rsa)->iqmp = BN_new();
-- BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
-+ iqmp = BN_new();
-+ BN_bin2bn(coeffdata, coefflen, iqmp);
- }
-+
-+ *rsa = RSA_new();
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ RSA_set0_key(*rsa, n, e, d);
-+#else
-+ (*rsa)->e = e;
-+ (*rsa)->n = n;
-+#endif
-+
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ RSA_set0_factors(*rsa, p, q);
-+#else
-+ (*rsa)->p = p;
-+ (*rsa)->q = q;
-+#endif
-+
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
-+#else
-+ (*rsa)->dmp1 = dmp1;
-+ (*rsa)->dmq1 = dmq1;
-+ (*rsa)->iqmp = iqmp;
-+#endif
- return 0;
- }
-
-@@ -125,25 +155,45 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
- unsigned long y_len,
- const unsigned char *x, unsigned long x_len)
- {
-- *dsactx = DSA_new();
-+ BIGNUM * p_bn;
-+ BIGNUM * q_bn;
-+ BIGNUM * g_bn;
-+ BIGNUM * pub_key;
-+ BIGNUM * priv_key = NULL;
-
-- (*dsactx)->p = BN_new();
-- BN_bin2bn(p, p_len, (*dsactx)->p);
-+ p_bn = BN_new();
-+ BN_bin2bn(p, p_len, p_bn);
-
-- (*dsactx)->q = BN_new();
-- BN_bin2bn(q, q_len, (*dsactx)->q);
-+ q_bn = BN_new();
-+ BN_bin2bn(q, q_len, q_bn);
-
-- (*dsactx)->g = BN_new();
-- BN_bin2bn(g, g_len, (*dsactx)->g);
-+ g_bn = BN_new();
-+ BN_bin2bn(g, g_len, g_bn);
-
-- (*dsactx)->pub_key = BN_new();
-- BN_bin2bn(y, y_len, (*dsactx)->pub_key);
-+ pub_key = BN_new();
-+ BN_bin2bn(y, y_len, pub_key);
-
- if (x_len) {
-- (*dsactx)->priv_key = BN_new();
-- BN_bin2bn(x, x_len, (*dsactx)->priv_key);
-+ priv_key = BN_new();
-+ BN_bin2bn(x, x_len, priv_key);
- }
-
-+ *dsactx = DSA_new();
-+
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_set0_pqg(*dsactx, p_bn, q_bn, g_bn);
-+#else
-+ (*dsactx)->p = p_bn;
-+ (*dsactx)->g = g_bn;
-+ (*dsactx)->q = q_bn;
-+#endif
-+
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_set0_key(*dsactx, pub_key, priv_key);
-+#else
-+ (*dsactx)->pub_key = pub_key;
-+ (*dsactx)->priv_key = priv_key;
-+#endif
- return 0;
- }
-
-@@ -153,20 +203,28 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
- const unsigned char *m, unsigned long m_len)
- {
- unsigned char hash[SHA_DIGEST_LENGTH];
-- DSA_SIG dsasig;
-+ DSA_SIG * dsasig;
-+ BIGNUM * r;
-+ BIGNUM * s;
- int ret = -1;
-
-- dsasig.r = BN_new();
-- BN_bin2bn(sig, 20, dsasig.r);
-- dsasig.s = BN_new();
-- BN_bin2bn(sig + 20, 20, dsasig.s);
-+ r = BN_new();
-+ BN_bin2bn(sig, 20, r);
-+ s = BN_new();
-+ BN_bin2bn(sig + 20, 20, s);
-
-+ dsasig = DSA_SIG_new();
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_SIG_set0(dsasig, r, s);
-+#else
-+ dsasig->r = r;
-+ dsasig->s = s;
-+#endif
- if (!_libssh2_sha1(m, m_len, hash))
- /* _libssh2_sha1() succeeded */
-- ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
-+ ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
-
-- BN_clear_free(dsasig.s);
-- BN_clear_free(dsasig.r);
-+ DSA_SIG_free(dsasig);
-
- return (ret == 1) ? 0 : -1;
- }
-@@ -586,6 +644,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
- unsigned long hash_len, unsigned char *signature)
- {
- DSA_SIG *sig;
-+ const BIGNUM * r;
-+ const BIGNUM * s;
- int r_len, s_len;
- (void) hash_len;
-
-@@ -594,12 +654,18 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
- return -1;
- }
-
-- r_len = BN_num_bytes(sig->r);
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_SIG_get0(sig, &r, &s);
-+#else
-+ r = sig->r;
-+ s = sig->s;
-+#endif
-+ r_len = BN_num_bytes(r);
- if (r_len < 1 || r_len > 20) {
- DSA_SIG_free(sig);
- return -1;
- }
-- s_len = BN_num_bytes(sig->s);
-+ s_len = BN_num_bytes(s);
- if (s_len < 1 || s_len > 20) {
- DSA_SIG_free(sig);
- return -1;
-@@ -607,8 +673,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
-
- memset(signature, 0, 40);
-
-- BN_bn2bin(sig->r, signature + (20 - r_len));
-- BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
-+ BN_bn2bin(r, signature + (20 - r_len));
-+ BN_bn2bin(s, signature + 20 + (20 - s_len));
-
- DSA_SIG_free(sig);
-
-@@ -768,9 +834,16 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
- unsigned long len;
- unsigned char* key;
- unsigned char* p;
--
-- e_bytes = BN_num_bytes(rsa->e) + 1;
-- n_bytes = BN_num_bytes(rsa->n) + 1;
-+ const BIGNUM * e;
-+ const BIGNUM * n;
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ RSA_get0_key(rsa, &n, &e, NULL);
-+#else
-+ e = rsa->e;
-+ n = rsa->n;
-+#endif
-+ e_bytes = BN_num_bytes(e) + 1;
-+ n_bytes = BN_num_bytes(n) + 1;
-
- /* Key form is "ssh-rsa" + e + n. */
- len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
-@@ -788,8 +861,8 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
- memcpy(p, "ssh-rsa", 7);
- p += 7;
-
-- p = write_bn(p, rsa->e, e_bytes);
-- p = write_bn(p, rsa->n, n_bytes);
-+ p = write_bn(p, e, e_bytes);
-+ p = write_bn(p, n, n_bytes);
-
- *key_len = (size_t)(p - key);
- return key;
-@@ -805,10 +878,27 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
- unsigned char* key;
- unsigned char* p;
-
-- p_bytes = BN_num_bytes(dsa->p) + 1;
-- q_bytes = BN_num_bytes(dsa->q) + 1;
-- g_bytes = BN_num_bytes(dsa->g) + 1;
-- k_bytes = BN_num_bytes(dsa->pub_key) + 1;
-+ const BIGNUM * p_bn;
-+ const BIGNUM * q;
-+ const BIGNUM * g;
-+ const BIGNUM * pub_key;
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_get0_pqg(dsa, &p_bn, &q, &g);
-+#else
-+ p_bn = dsa->p;
-+ q = dsa->q;
-+ g = dsa->g;
-+#endif
-+
-+#ifdef HAVE_OPAQUE_STRUCTS
-+ DSA_get0_key(dsa, &pub_key, NULL);
-+#else
-+ pub_key = dsa->pub_key;
-+#endif
-+ p_bytes = BN_num_bytes(p_bn) + 1;
-+ q_bytes = BN_num_bytes(q) + 1;
-+ g_bytes = BN_num_bytes(g) + 1;
-+ k_bytes = BN_num_bytes(pub_key) + 1;
-
- /* Key form is "ssh-dss" + p + q + g + pub_key. */
- len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
-@@ -826,10 +916,10 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
- memcpy(p, "ssh-dss", 7);
- p += 7;
-
-- p = write_bn(p, dsa->p, p_bytes);
-- p = write_bn(p, dsa->q, q_bytes);
-- p = write_bn(p, dsa->g, g_bytes);
-- p = write_bn(p, dsa->pub_key, k_bytes);
-+ p = write_bn(p, p_bn, p_bytes);
-+ p = write_bn(p, q, q_bytes);
-+ p = write_bn(p, g, g_bytes);
-+ p = write_bn(p, pub_key, k_bytes);
-
- *key_len = (size_t)(p - key);
- return key;
diff --git a/libssh2.spec b/libssh2.spec
index 4c1514a..dcb51ae 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -11,16 +11,13 @@
%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
Name: libssh2
-Version: 1.7.0
-Release: 7%{?dist}
+Version: 1.8.0
+Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol
Group: System Environment/Libraries
License: BSD
URL: http://www.libssh2.org/
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
-Patch2: CVE-2016-0787.patch
-Patch3: libssh2-1.7.0-openssl11.patch
-Patch4: libssh2-1.7.0-openssl11-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: coreutils
@@ -77,15 +74,6 @@ developing applications that use libssh2.
# between 32-bit and 64-bit builds running on a single build-host
sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh}
-# diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
-%patch2 -p1
-
-# Build with OpenSSL 1.1.0 from upstream git
-%patch3 -p1
-
-# make curl test-suite work again with valgrind enabled
-%patch4 -p1
-
# Make sshd transition appropriately if building in an SELinux environment
%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
@@ -97,9 +85,6 @@ chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} |
%configure --disable-silent-rules --disable-static --enable-shared
make %{?_smp_mflags}
-# Avoid polluting libssh2.pc with linker options (#947813)
-sed -i -e 's|[[:space:]]-Wl,[^[:space:]]*||' libssh2.pc
-
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"
@@ -160,11 +145,17 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libssh2.pc
%changelog
+* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1
+- Update to 1.8.0
+ - Added a basic dockerised test suite
+ - crypto: Add support for the mbedTLS backend
+ - See RELEASE-NOTES for details of bug fixes
+
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7
-- make curl test-suite work again with valgrind enabled
+- Make curl test-suite work again with valgrind enabled
* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6
-- rebuild with OpenSSL 1.1.0
+- Rebuild with OpenSSL 1.1.0
* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5
- Revert parts of previous change that broke EL-5 compatibility
bgstack15