From 09a3f7c6fcbb5c63ecd402daef7fd9714d3720d3 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 26 Jun 2022 11:33:41 +0200 Subject: [PATCH] gnu: libssh2: Update to 1.10.0. * gnu/packages/ssh.scm (libssh2): Update to 1.10.0. [source](patches): Remove. * gnu/packages/patches/libssh2-CVE-2019-17498.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 1 - .../patches/libssh2-CVE-2019-17498.patch | 126 ------------------ gnu/packages/ssh.scm | 5 +- 3 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 gnu/packages/patches/libssh2-CVE-2019-17498.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7e4ed0d83f..435727879a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1410,7 +1410,6 @@ dist_patch_DATA = \ %D%/packages/patches/libqalculate-3.8.0-libcurl-ssl-fix.patch \ %D%/packages/patches/libquicktime-ffmpeg.patch \ %D%/packages/patches/librecad-support-for-boost-1.76.patch \ - %D%/packages/patches/libssh2-CVE-2019-17498.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtgvoip-disable-sse2.patch \ %D%/packages/patches/libtgvoip-disable-webrtc.patch \ diff --git a/gnu/packages/patches/libssh2-CVE-2019-17498.patch b/gnu/packages/patches/libssh2-CVE-2019-17498.patch deleted file mode 100644 index 6f69e562e2..0000000000 --- a/gnu/packages/patches/libssh2-CVE-2019-17498.patch +++ /dev/null @@ -1,126 +0,0 @@ -https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c.patch - -From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001 -From: Will Cosgrove -Date: Fri, 30 Aug 2019 09:57:38 -0700 -Subject: [PATCH] packet.c: improve message parsing (#402) - -* packet.c: improve parsing of packets - -file: packet.c - -notes: -Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST. ---- - src/packet.c | 68 ++++++++++++++++++++++------------------------------ - 1 file changed, 29 insertions(+), 39 deletions(-) - -diff --git a/src/packet.c b/src/packet.c -index 38ab62944..2e01bfc5d 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - size_t datalen, int macstate) - { - int rc = 0; -- char *message = NULL; -- char *language = NULL; -+ unsigned char *message = NULL; -+ unsigned char *language = NULL; - size_t message_len = 0; - size_t language_len = 0; - LIBSSH2_CHANNEL *channelp = NULL; -@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - - case SSH_MSG_DISCONNECT: - if(datalen >= 5) { -- size_t reason = _libssh2_ntohu32(data + 1); -+ uint32_t reason = 0; -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr++; /* advance past type */ - -- if(datalen >= 9) { -- message_len = _libssh2_ntohu32(data + 5); -+ _libssh2_get_u32(&buf, &reason); -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - -- if(message_len < datalen-13) { -- /* 9 = packet_type(1) + reason(4) + message_len(4) */ -- message = (char *) data + 9; -- -- language_len = -- _libssh2_ntohu32(data + 9 + message_len); -- language = (char *) data + 9 + message_len + 4; -- -- if(language_len > (datalen-13-message_len)) { -- /* bad input, clear info */ -- language = message = NULL; -- language_len = message_len = 0; -- } -- } -- else -- /* bad size, clear it */ -- message_len = 0; -- } - if(session->ssh_msg_disconnect) { -- LIBSSH2_DISCONNECT(session, reason, message, -- message_len, language, language_len); -+ LIBSSH2_DISCONNECT(session, reason, (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } -+ - _libssh2_debug(session, LIBSSH2_TRACE_TRANS, - "Disconnect(%d): %s(%s)", reason, - message, language); -@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - int always_display = data[1]; - - if(datalen >= 6) { -- message_len = _libssh2_ntohu32(data + 2); -- -- if(message_len <= (datalen - 10)) { -- /* 6 = packet_type(1) + display(1) + message_len(4) */ -- message = (char *) data + 6; -- language_len = _libssh2_ntohu32(data + 6 + -- message_len); -- -- if(language_len <= (datalen - 10 - message_len)) -- language = (char *) data + 10 + message_len; -- } -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr += 2; /* advance past type & always display */ -+ -+ _libssh2_get_string(&buf, &message, &message_len); -+ _libssh2_get_string(&buf, &language, &language_len); - } - - if(session->ssh_msg_debug) { -- LIBSSH2_DEBUG(session, always_display, message, -- message_len, language, language_len); -+ LIBSSH2_DEBUG(session, always_display, -+ (const char *)message, -+ message_len, (const char *)language, -+ language_len); - } - } -+ - /* - * _libssh2_debug will actually truncate this for us so - * that it's not an inordinate about of data -@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - uint32_t len = 0; - unsigned char want_reply = 0; - len = _libssh2_ntohu32(data + 1); -- if(datalen >= (6 + len)) { -+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) { - want_reply = data[5 + len]; - _libssh2_debug(session, - LIBSSH2_TRACE_CONN, diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index aa540c1012..db1aa0d595 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -159,7 +159,7 @@ applications.") (define-public libssh2 (package (name "libssh2") - (version "1.9.0") + (version "1.10.0") (source (origin (method url-fetch) (uri (string-append @@ -167,8 +167,7 @@ applications.") version ".tar.gz")) (sha256 (base32 - "1zfsz9nldakfz61d2j70pk29zlmj7w2vv46s9l3x2prhcgaqpyym")) - (patches (search-patches "libssh2-CVE-2019-17498.patch")))) + "0l8xwhhscvss7q007vpbkbv7jh9s43579rx2sf8lnfgd7l7yjr1d")))) (build-system gnu-build-system) ;; The installed libssh2.pc file does not include paths to libgcrypt and ;; zlib libraries, so we need to propagate the inputs.