[arch-commits] Commit in libssh/trunk (CVE-2014-0017.patch PKGBUILD)
Bartłomiej Piotrowski
bpiotrowski at nymeria.archlinux.org
Sun Mar 9 16:42:55 UTC 2014
Date: Sunday, March 9, 2014 @ 17:42:55
Author: bpiotrowski
Revision: 207451
upgpkg: libssh 0.5.5-3
fix CVE-2014-0017
Added:
libssh/trunk/CVE-2014-0017.patch
Modified:
libssh/trunk/PKGBUILD
---------------------+
CVE-2014-0017.patch | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 9 ++++--
2 files changed, 73 insertions(+), 3 deletions(-)
Added: CVE-2014-0017.patch
===================================================================
--- CVE-2014-0017.patch (rev 0)
+++ CVE-2014-0017.patch 2014-03-09 16:42:55 UTC (rev 207451)
@@ -0,0 +1,67 @@
+diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+--- a/include/libssh/wrapper.h 2013-07-26 06:39:39.000000000 +0000
++++ b/include/libssh/wrapper.h 2014-03-09 16:38:49.807812235 +0000
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+
++void ssh_reseed(void);
+
+ #endif /* WRAPPER_H_ */
+diff -rupN a/src/bind.c b/src/bind.c
+--- a/src/bind.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/bind.c 2014-03-09 16:39:00.571080087 +0000
+@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss
+ session->dsa_key = dsa;
+ session->rsa_key = rsa;
+
++ ssh_reseed();
+ return SSH_OK;
+ }
+
+diff -rupN a/src/libcrypto.c b/src/libcrypto.c
+--- a/src/libcrypto.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libcrypto.c 2014-03-09 16:40:07.807331327 +0000
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ struct timeval tv;
++ gettimeofday(&tv, NULL);
++ RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+ SHACTX c = malloc(sizeof(*c));
+ if (c == NULL) {
+diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c
+--- a/src/libgcrypt.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libgcrypt.c 2014-03-09 16:40:51.730392881 +0000
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ }
++
+ SHACTX sha1_init(void) {
+ SHACTX ctx = NULL;
+ gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
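Review bot: The `ssh_reseed()` added to src/libgcrypt.c has an empty body and no comment, so a reader cannot tell whether the gcrypt build deliberately skips the post-accept reseed or was left unfinished. A line such as `/* intentionally a no-op for the libgcrypt backend; TODO confirm its RNG needs no reseed after accept/fork */` would record the intent. In src/libcrypto.c the return value of `gettimeofday()` is ignored, so a failure would pass an uninitialised `tv` to `RAND_add()`; `struct timeval tv = {0};` or `if (gettimeofday(&tv, NULL) == 0) RAND_add(&tv, sizeof(tv), 0.0);` avoids that. A short comment on the `0.0` argument would also help, for example `/* timestamp only makes the PRNG state differ per accepted connection; it is not credited as entropy */`. The new `void ssh_reseed(void);` prototype in wrapper.h likewise has no doc comment saying when callers are expected to invoke it.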
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-03-09 13:38:52 UTC (rev 207450)
+++ PKGBUILD 2014-03-09 16:42:55 UTC (rev 207451)
@@ -6,7 +6,7 @@
pkgname=libssh
pkgver=0.5.5
-pkgrel=2
+pkgrel=3
pkgdesc="Library for accessing ssh client services through C libraries"
url="http://www.libssh.org/"
license=('LGPL')
@@ -15,10 +15,12 @@
makedepends=('cmake' 'doxygen')
source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
0004-reset-global-request-status.patch
- 0005-multi-reverse-fwd.patch)
+ 0005-multi-reverse-fwd.patch
+ CVE-2014-0017.patch)
md5sums=('bb308196756c7255c0969583d917136b'
'0d8c28906b07e31466157b1fda441f4a'
- '6fa3a1a4f448e85a7eb39360f4a72ce9')
+ '6fa3a1a4f448e85a7eb39360f4a72ce9'
+ '2eddf36e41adf62e4094f17b64d466e0')
prepare() {
cd ${pkgname}-${pkgver}
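Review bot: The `md5sums` array is the only integrity check on the upstream tarball and on the newly added `CVE-2014-0017.patch`. MD5 is not collision-resistant, so this check detects corruption but not a deliberately substituted source. makepkg also accepts a `sha256sums=(...)` array, and moving the three existing entries and the new one to SHA-256 would make the check meaningful for a security fix. The digests would have to be regenerated from files verified against upstream.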
@@ -26,6 +28,7 @@
# see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
+ patch -Np1 -i ${srcdir}/CVE-2014-0017.patch
}
build() {