[arch-commits] Commit in libssh/repos (3 files)

Christian Hesse eworm at archlinux.org
Mon Aug 24 08:09:35 UTC 2020


    Date: Monday, August 24, 2020 @ 08:09:35
  Author: eworm
Revision: 394634

archrelease: copy trunk to testing-x86_64

Added:
  libssh/repos/testing-x86_64/
  libssh/repos/testing-x86_64/0001-CVE-2020-16135.patch
    (from rev 394633, libssh/trunk/0001-CVE-2020-16135.patch)
  libssh/repos/testing-x86_64/PKGBUILD
    (from rev 394633, libssh/trunk/PKGBUILD)

---------------------------+
 0001-CVE-2020-16135.patch |  165 ++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD                  |   64 +++++++++++++++++
 2 files changed, 229 insertions(+)

Copied: libssh/repos/testing-x86_64/0001-CVE-2020-16135.patch (from rev 394633, libssh/trunk/0001-CVE-2020-16135.patch)
===================================================================
--- testing-x86_64/0001-CVE-2020-16135.patch	                        (rev 0)
+++ testing-x86_64/0001-CVE-2020-16135.patch	2020-08-24 08:09:35 UTC (rev 394634)
@@ -0,0 +1,165 @@
+From 533d881b0f4b24c72b35ecc97fa35d295d063e53 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
+Reviewed-by: Jakub Jelen <jjelen at redhat.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 5a2110e5..b639a2ce 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+ 
+   /* take a copy of the whole packet */
+   msg->complete_message = ssh_buffer_new();
++  if (msg->complete_message == NULL) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
++
+   ssh_buffer_add_data(msg->complete_message,
+                       ssh_buffer_get(payload),
+                       ssh_buffer_get_len(payload));
+
+From 2782cb0495b7450bd8fe43ce4af886b66fea6c40 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:05:51 +0200
+Subject: [PATCH 2/4] sftpserver: Add missing return check for
+ ssh_buffer_add_data()
+
+Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
+Reviewed-by: Jakub Jelen <jjelen at redhat.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/sftpserver.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index b639a2ce..9117f155 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+       return NULL;
+   }
+ 
+-  ssh_buffer_add_data(msg->complete_message,
+-                      ssh_buffer_get(payload),
+-                      ssh_buffer_get_len(payload));
++  rc = ssh_buffer_add_data(msg->complete_message,
++                           ssh_buffer_get(payload),
++                           ssh_buffer_get_len(payload));
++  if (rc < 0) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
+ 
+   ssh_buffer_get_u32(payload, &msg->id);
+ 
+
+From 10b3ebbe61a7031a3dae97f05834442220447181 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:10:11 +0200
+Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()
+
+Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
+Reviewed-by: Jakub Jelen <jjelen at redhat.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/buffer.c | 35 ++++++++++++++++++-----------------
+ 1 file changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index a2e6246a..476bc135 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
+  */
+ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
+ {
+-  buffer_verify(buffer);
++    buffer_verify(buffer);
+ 
+-  if (data == NULL) {
+-      return -1;
+-  }
++    if (data == NULL) {
++        return -1;
++    }
+ 
+-  if (buffer->used + len < len) {
+-    return -1;
+-  }
++    if (buffer->used + len < len) {
++        return -1;
++    }
+ 
+-  if (buffer->allocated < (buffer->used + len)) {
+-    if(buffer->pos > 0)
+-      buffer_shift(buffer);
+-    if (realloc_buffer(buffer, buffer->used + len) < 0) {
+-      return -1;
++    if (buffer->allocated < (buffer->used + len)) {
++        if (buffer->pos > 0) {
++            buffer_shift(buffer);
++        }
++        if (realloc_buffer(buffer, buffer->used + len) < 0) {
++            return -1;
++        }
+     }
+-  }
+ 
+-  memcpy(buffer->data+buffer->used, data, len);
+-  buffer->used+=len;
+-  buffer_verify(buffer);
+-  return 0;
++    memcpy(buffer->data + buffer->used, data, len);
++    buffer->used += len;
++    buffer_verify(buffer);
++    return 0;
+ }
+ 
+ /**
+
+From 245ad744b5ab0582fef7cf3905a717b791d7e08b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:11:21 +0200
+Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument
+
+Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
+Reviewed-by: Jakub Jelen <jjelen at redhat.com>
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ src/buffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 476bc135..ce12f491 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
+  */
+ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
+ {
++    if (buffer == NULL) {
++        return -1;
++    }
++
+     buffer_verify(buffer);
+ 
+     if (data == NULL) {
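Review bot: In patch 2/4 the context line `ssh_buffer_get_u32(payload, &msg->id);` directly after the new `rc < 0` check still discards its return value, so a payload too short to hold the id would go unnoticed and `msg->id` would keep whatever value it had at allocation. Assuming the getter reports the number of bytes it consumed, a guard such as `if (ssh_buffer_get_u32(payload, &msg->id) != sizeof(uint32_t))` that frees `msg` and returns NULL, like the two new error paths, would close that gap. Both new error paths also call `ssh_set_error_oom(session)`, although `ssh_buffer_add_data()` as shown in patch 3/4 returns -1 for a NULL `data` pointer and for a length overflow as well, so the reported error can be misleading. The body of `sftp_get_client_message` starts and continues outside these hunks, so the declarations of `rc` and `session` and any later checks are not visible here.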

Copied: libssh/repos/testing-x86_64/PKGBUILD (from rev 394633, libssh/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2020-08-24 08:09:35 UTC (rev 394634)
@@ -0,0 +1,64 @@
+# Maintainer: Antonio Rojas <arojas at archlinux.org>
+# Contributor: Tom Gundersen <teg at jklm.no>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: ice-man <icemanf at gmail.com>
+# Contributor: sergeantspoon <sergeantspoon at archlinux.us>
+
+pkgbase=libssh
+pkgname=(libssh libssh-docs)
+pkgver=0.9.4
+pkgrel=2
+pkgdesc="Library for accessing ssh client services through C libraries"
+url="https://www.libssh.org/"
+license=(LGPL)
+arch=(x86_64)
+depends=(zlib openssl)
+makedepends=(cmake cmocka doxygen python)
+source=(https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.asc}
+        '0001-CVE-2020-16135.patch')
+sha256sums=('150897a569852ac05aac831dc417a7ba8e610c86ca2e0154a99c6ade2486226b'
+            'SKIP'
+            '5668b4fa30cea2fb998e7e8084639ac4d6a76972778ba24d477f6aa79cd84ec8')
+validpgpkeys=('8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D') # Andreas Schneider <asn at cryptomilk.org>
+
+prepare() {
+  # disable the test. It is confused by our clean container setup.
+  # 'extra-x86-build' uses user 'nobody' that has a record in /etc/passwd file
+  # but $HOME envvar is set to '/build'. The test expects that $HOME corresponds to passwd file.
+  sed 's/cmocka_unit_test(torture_path_expand_tilde_unix),//' -i libssh-${pkgver}/tests/unittests/torture_misc.c
+
+  mkdir -p build
+
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 < ../0001-CVE-2020-16135.patch
+}
+
+build() {
+  cd build
+  cmake ../$pkgname-$pkgver \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DWITH_GSSAPI=OFF \
+    -DUNIT_TESTING=ON
+  make
+  make docs
+}
+
+check() {
+  cd build
+  make test
+}
+
+package_libssh() {
+  cd build
+  make DESTDIR="$pkgdir" install
+}
+
+package_libssh-docs() {
+  pkgdesc="Documentation for libssh"
+  depends=()
+
+  mkdir -p "$pkgdir"/usr/share/doc/libssh
+  cp -r build/doc/html "$pkgdir"/usr/share/doc/libssh
+#  cp -r build/doc/man "$pkgdir"/usr/share
+#  rm "$pkgdir"/usr/share/man/man3/{bug,deprecated}.*
+}
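Review bot: `pkgname` is declared as an array (`pkgname=(libssh libssh-docs)`), yet the `source` URL, the `cd` in `prepare()` and the `cmake` call in `build()` expand it as the scalar `$pkgname`, which works only because bash yields the first element. Using `$pkgbase` in those places states the intent and survives a reordering of the split packages, for example `cd "$srcdir/$pkgbase-$pkgver"`. Separately, the `sed` in `prepare()` exits successfully even when the test name no longer matches, so a comment such as `# re-check on every version bump: sed does not fail if the test entry is renamed` would help keep the disabled test from drifting unnoticed.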


