Sync from SUSE:SLFO:Main libssh2_org revision 5fdf95a62f5a1bbcf006c3fe3d7cb40c

2024-06-07 18:40:12 +02:00 · 2024-06-07 18:40:12 +02:00 · d2f8d9d13e
commit d2f8d9d13e
parent 55f86e1efd
4 changed files with 113 additions and 0 deletions
--- a/libssh2_org-CVE-2023-48795-ext.patch
+++ b/libssh2_org-CVE-2023-48795-ext.patch
@ -0,0 +1,65 @@
+From 59786b186d4de8fd6cd5aeebedbce2362a849566 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Josef=20=C4=8Cejka?= <jcejka@suse.cz>
+Date: Tue, 6 Feb 2024 15:14:29 +0100
+Subject: [PATCH] Always add extension indicators to kex_algorithms
+
+KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
+are in default kex method list but they were lost
+after configuring custom kex method list in libssh2_session_method_pref().
+---
+ src/kex.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/kex.c b/src/kex.c
+index 8c65a0fe..1d1dadfa 100644
+--- a/src/kex.c
+++ b/src/kex.c
+@@ -4027,13 +4027,25 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+                             const char *prefs)
+ {
+     char **prefvar, *s, *newprefs;
+    char *tmpprefs = NULL;
+     size_t prefs_len = strlen(prefs);
+     const LIBSSH2_COMMON_METHOD **mlist;
+    const char *kex_extensions = "ext-info-c,kex-strict-c-v00@openssh.com,";
+    size_t kex_extensions_len = strlen(kex_extensions);
+ 
+     switch(method_type) {
+     case LIBSSH2_METHOD_KEX:
+         prefvar = &session->kex_prefs;
+         mlist = (const LIBSSH2_COMMON_METHOD **)libssh2_kex_methods;
+        tmpprefs = LIBSSH2_ALLOC(session, kex_extensions_len + prefs_len + 1);
+        if(!tmpprefs) {
+            return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                  "Error allocated space for kex method preferences");
+        }
+        memcpy(tmpprefs, kex_extensions, kex_extensions_len);
+        memcpy(tmpprefs + kex_extensions_len, prefs, prefs_len + 1);
+        prefs = tmpprefs;
+        prefs_len = strlen(prefs);
+         break;
+ 
+     case LIBSSH2_METHOD_HOSTKEY:
+@@ -4093,6 +4105,9 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ 
+     s = newprefs = LIBSSH2_ALLOC(session, prefs_len + 1);
+     if(!newprefs) {
+        if (tmpprefs) {
+            LIBSSH2_FREE(session, tmpprefs);
+        }
+         return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                               "Error allocated space for method preferences");
+     }
+@@ -4121,6 +4136,10 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+         }
+     }
+ 
+    if (tmpprefs) {
+        LIBSSH2_FREE(session, tmpprefs);
+    }
+
+     if(!*newprefs) {
+         LIBSSH2_FREE(session, newprefs);
+         return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+-- 
+2.26.2
--- a/libssh2_org-ETM-remote.patch
+++ b/libssh2_org-ETM-remote.patch
@ -0,0 +1,26 @@
+From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001
+From: Josef Cejka <jcejka@suse.com>
+Date: Thu, 28 Mar 2024 23:38:47 +0100
+Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)
+
+We should check if encrypt-then-MAC feature is enabled in remote end's
+configuration.
+
+Fixes #1331
+---
+ src/transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 531f5aa15a..af175d3fa1 100644
+--- a/src/transport.c
+++ b/src/transport.c
+@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+                                    make the checks below work fine still */
+         }
+ 
+-        etm = encrypted && session->local.mac ? session->local.mac->etm : 0;
+        etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;
+ 
+         /* read/use a whole big chunk into a temporary area stored in
+            the LIBSSH2_SESSION struct. We will decrypt data from that
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Apr  2 16:48:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
+  * Test the ETM feature in the remote end's configuration when
+    receiving data. Upstream issue: #1331.
+  * Add libssh2_org-ETM-remote.patch
+
+-------------------------------------------------------------------
+Fri Feb  9 14:55:47 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
+  when configuring custom method list. [bsc#1218971, CVE-2023-48795]
+  * The strict-kex extension is announced in the list of available
+    KEX methods. However, when the default KEX method list is modified
+    or replaced, the extension is not added back automatically.
+  * Add libssh2_org-CVE-2023-48795-ext.patch
+
 -------------------------------------------------------------------
 Tue Dec 19 11:25:35 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@ -31,6 +31,10 @@ Source3:        libssh2_org.keyring
 Patch0:         libssh2-ocloexec.patch
 # PATCH-FIX-UPSTREAM bsc#1218127 CVE-2023-48795: Add 'strict KEX' to fix Terrapin Attack
 Patch1:         libssh2_org-CVE-2023-48795.patch
+# PATCH-FIX-SUSE bsc#1218971 Always add extension indicators to kex_algorithms
+Patch2:         libssh2_org-CVE-2023-48795-ext.patch
+# PATCH-FIX-UPSTREAM bsc#1221622 Test ETM feature in remote end's config when receiving data
+Patch3:         libssh2_org-ETM-remote.patch
 BuildRequires:  libtool
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig