mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-13 12:13:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

libssh2: update 1.9.0 -> 1.10.0

Browse Source 
0001-configure-Conditionally-undefine-backend-m4-macro.patch no
longer needed; code removed upstream.

License-Update: copyright years
(From OE-Core rev: 6547e565cc1685eb4e42f61d88203cf743a06284)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Alexander Kanavin
2021-09-08 20:01:25 +02:00
committed by Richard Purdie
parent 8bddba7249
commit 0f89346baa
5 changed files with 5 additions and 284 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
View File

@@ -1,4 +1,4 @@
From f9e3e2ee7b18ba5bb8efe083171f3e701eb0a663 Mon Sep 17 00:00:00 2001
From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 28 Dec 2020 02:08:03 +0000
Subject: [PATCH] Don't let host enviroment to decide if a test is build
@@ -9,6 +9,7 @@ don't use SSHD on host to decide weither to build a test
Upstream-Status: Inappropriate[oe specific]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
tests/Makefile.am | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
@@ -41,6 +42,3 @@ index dc0922f..6cbc35d 100644
-endif
\ No newline at end of file
+endif
--
2.20.1

30
meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
View File

@@ -1,30 +0,0 @@
From efe7101786193eaddb749c0583af6b54aec6f289 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 2 Feb 2021 18:45:16 -0800
Subject: [PATCH] configure: Conditionally undefine backend m4 macro
Unlike the M4 builtin, this macro fails if macro is not defined
therefore recover the behavior of the builtin.
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index fe5054a..758f8c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,7 +127,7 @@ fi
m4_set_foreach([crypto_backends], [backend],
[AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")]
)
-m4_undefine([backend])
+m4_ifdef([backend], [m4_undefine([backend])])
# libz
--
2.30.0

112
meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
View File

@@ -1,112 +0,0 @@
From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Tue, 26 Jan 2021 11:41:21 -0800
Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550)
File: kex.c
Notes:
Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
Credit:
Stefan-Ghinea
Upstream-Status: Backport
Reference to upstream patch:
https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
---
src/kex.c | 66 +++++++++++++++++++++++++++----------------------------
1 file changed, 33 insertions(+), 33 deletions(-)
diff --git a/src/kex.c b/src/kex.c
index cb16639..19ab6ec 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
}
-#if LIBSSH2_ECDSA
-
-/* kex_session_ecdh_curve_type
- * returns the EC curve type by name used in key exchange
- */
-
-static int
-kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
-{
- int ret = 0;
- libssh2_curve_type type;
-
- if(name == NULL)
- return -1;
-
- if(strcmp(name, "ecdh-sha2-nistp256") == 0)
- type = LIBSSH2_EC_CURVE_NISTP256;
- else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
- type = LIBSSH2_EC_CURVE_NISTP384;
- else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
- type = LIBSSH2_EC_CURVE_NISTP521;
- else {
- ret = -1;
- }
-
- if(ret == 0 && out_type) {
- *out_type = type;
- }
-
- return ret;
-}
-
-
/* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY
*
* Macro that create and verifies EC SHA hash with a given digest bytes
@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
} \
+#if LIBSSH2_ECDSA
+
+/* kex_session_ecdh_curve_type
+ * returns the EC curve type by name used in key exchange
+ */
+
+static int
+kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
+{
+ int ret = 0;
+ libssh2_curve_type type;
+
+ if(name == NULL)
+ return -1;
+
+ if(strcmp(name, "ecdh-sha2-nistp256") == 0)
+ type = LIBSSH2_EC_CURVE_NISTP256;
+ else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
+ type = LIBSSH2_EC_CURVE_NISTP384;
+ else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
+ type = LIBSSH2_EC_CURVE_NISTP521;
+ else {
+ ret = -1;
+ }
+
+ if(ret == 0 && out_type) {
+ *out_type = type;
+ }
+
+ return ret;
+}
+
+
/* ecdh_sha2_nistp
* Elliptic Curve Diffie Hellman Key Exchange
*/
--
2.17.1

131
meta/recipes-support/libssh2/files/CVE-2019-17498.patch
View File

@@ -1,131 +0,0 @@
From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Fri, 30 Aug 2019 09:57:38 -0700
Subject: [PATCH] packet.c: improve message parsing (#402)
* packet.c: improve parsing of packets
file: packet.c
notes:
Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
Upstream-Status: Backport
CVE: CVE-2019-17498
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
src/packet.c | 68 ++++++++++++++++++++++------------------------------
1 file changed, 29 insertions(+), 39 deletions(-)
diff --git a/src/packet.c b/src/packet.c
index 38ab629..2e01bfc 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
size_t datalen, int macstate)
{
int rc = 0;
- char *message = NULL;
- char *language = NULL;
+ unsigned char *message = NULL;
+ unsigned char *language = NULL;
size_t message_len = 0;
size_t language_len = 0;
LIBSSH2_CHANNEL *channelp = NULL;
@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
case SSH_MSG_DISCONNECT:
if(datalen >= 5) {
- size_t reason = _libssh2_ntohu32(data + 1);
+ uint32_t reason = 0;
+ struct string_buf buf;
+ buf.data = (unsigned char *)data;
+ buf.dataptr = buf.data;
+ buf.len = datalen;
+ buf.dataptr++; /* advance past type */
- if(datalen >= 9) {
- message_len = _libssh2_ntohu32(data + 5);
+ _libssh2_get_u32(&buf, &reason);
+ _libssh2_get_string(&buf, &message, &message_len);
+ _libssh2_get_string(&buf, &language, &language_len);
- if(message_len < datalen-13) {
- /* 9 = packet_type(1) + reason(4) + message_len(4) */
- message = (char *) data + 9;
-
- language_len =
- _libssh2_ntohu32(data + 9 + message_len);
- language = (char *) data + 9 + message_len + 4;
-
- if(language_len > (datalen-13-message_len)) {
- /* bad input, clear info */
- language = message = NULL;
- language_len = message_len = 0;
- }
- }
- else
- /* bad size, clear it */
- message_len = 0;
- }
if(session->ssh_msg_disconnect) {
- LIBSSH2_DISCONNECT(session, reason, message,
- message_len, language, language_len);
+ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
+ message_len, (const char *)language,
+ language_len);
}
+
_libssh2_debug(session, LIBSSH2_TRACE_TRANS,
"Disconnect(%d): %s(%s)", reason,
message, language);
@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
int always_display = data[1];
if(datalen >= 6) {
- message_len = _libssh2_ntohu32(data + 2);
-
- if(message_len <= (datalen - 10)) {
- /* 6 = packet_type(1) + display(1) + message_len(4) */
- message = (char *) data + 6;
- language_len = _libssh2_ntohu32(data + 6 +
- message_len);
-
- if(language_len <= (datalen - 10 - message_len))
- language = (char *) data + 10 + message_len;
- }
+ struct string_buf buf;
+ buf.data = (unsigned char *)data;
+ buf.dataptr = buf.data;
+ buf.len = datalen;
+ buf.dataptr += 2; /* advance past type & always display */
+
+ _libssh2_get_string(&buf, &message, &message_len);
+ _libssh2_get_string(&buf, &language, &language_len);
}
if(session->ssh_msg_debug) {
- LIBSSH2_DEBUG(session, always_display, message,
- message_len, language, language_len);
+ LIBSSH2_DEBUG(session, always_display,
+ (const char *)message,
+ message_len, (const char *)language,
+ language_len);
}
}
+
/*
* _libssh2_debug will actually truncate this for us so
* that it's not an inordinate about of data
@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
uint32_t len = 0;
unsigned char want_reply = 0;
len = _libssh2_ntohu32(data + 1);
- if(datalen >= (6 + len)) {
+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
want_reply = data[5 + len];
_libssh2_debug(session,
LIBSSH2_TRACE_CONN,
--
2.17.1

10
meta/recipes-support/libssh2/libssh2_1.9.0.bb → meta/recipes-support/libssh2/libssh2_1.10.0.bb
View File

@@ -5,19 +5,15 @@ SECTION = "libs"
DEPENDS = "zlib"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=c5cf34fc0acb44b082ef50ef5e4354ca"
LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://CVE-2019-17498.patch \
file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \
file://run-ptest \
file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \
"
"
SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
SRC_URI[md5sum] = "1beefafe8963982adc84b408b2959927"
SRC_URI[sha256sum] = "d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd"
SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
inherit autotools pkgconfig ptest