Sync from SUSE:SLFO:Main libssh2_org revision 5fdf95a62f5a1bbcf006c3fe3d7cb40c

2024-06-07 18:40:12 +02:00 · 2024-06-07 18:40:12 +02:00 · d2f8d9d13e
commit d2f8d9d13e
parent 55f86e1efd
4 changed files with 113 additions and 0 deletions
--- a/libssh2_org-CVE-2023-48795-ext.patch
+++ b/libssh2_org-CVE-2023-48795-ext.patch
@ -0,0 +1,65 @@
 From 59786b186d4de8fd6cd5aeebedbce2362a849566 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Josef=20=C4=8Cejka?= <jcejka@suse.cz>
 Date: Tue, 6 Feb 2024 15:14:29 +0100
 Subject: [PATCH] Always add extension indicators to kex_algorithms
 KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
 are in default kex method list but they were lost
 after configuring custom kex method list in libssh2_session_method_pref().
 ---
 src/kex.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 diff --git a/src/kex.c b/src/kex.c
 index 8c65a0fe..1d1dadfa 100644
 --- a/src/kex.c
 +++ b/src/kex.c
@@ -4027,13 +4027,25 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
                             const char *prefs)
 {
     char **prefvar, *s, *newprefs;
 +    char *tmpprefs = NULL;
     size_t prefs_len = strlen(prefs);
     const LIBSSH2_COMMON_METHOD **mlist;
 +    const char *kex_extensions = "ext-info-c,kex-strict-c-v00@openssh.com,";
 +    size_t kex_extensions_len = strlen(kex_extensions);
     switch(method_type) {
     case LIBSSH2_METHOD_KEX:
         prefvar = &session->kex_prefs;
         mlist = (const LIBSSH2_COMMON_METHOD **)libssh2_kex_methods;
 +        tmpprefs = LIBSSH2_ALLOC(session, kex_extensions_len + prefs_len + 1);
 +        if(!tmpprefs) {
 +            return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
 +                                  "Error allocated space for kex method preferences");
 +        }
 +        memcpy(tmpprefs, kex_extensions, kex_extensions_len);
 +        memcpy(tmpprefs + kex_extensions_len, prefs, prefs_len + 1);
 +        prefs = tmpprefs;
 +        prefs_len = strlen(prefs);
         break;
     case LIBSSH2_METHOD_HOSTKEY:
@@ -4093,6 +4105,9 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
     s = newprefs = LIBSSH2_ALLOC(session, prefs_len + 1);
     if(!newprefs) {
 +        if (tmpprefs) {
 +            LIBSSH2_FREE(session, tmpprefs);
 +        }
         return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                               "Error allocated space for method preferences");
     }
@@ -4121,6 +4136,10 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
         }
     }
 +    if (tmpprefs) {
 +        LIBSSH2_FREE(session, tmpprefs);
 +    }
 +
     if(!*newprefs) {
         LIBSSH2_FREE(session, newprefs);
         return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
 -- 
 2.26.2
--- a/libssh2_org-ETM-remote.patch
+++ b/libssh2_org-ETM-remote.patch
@ -0,0 +1,26 @@
 From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001
 From: Josef Cejka <jcejka@suse.com>
 Date: Thu, 28 Mar 2024 23:38:47 +0100
 Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)
 We should check if encrypt-then-MAC feature is enabled in remote end's
 configuration.
 Fixes #1331
 ---
 src/transport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/transport.c b/src/transport.c
 index 531f5aa15a..af175d3fa1 100644
 --- a/src/transport.c
 +++ b/src/transport.c
@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
                                    make the checks below work fine still */
         }
 -        etm = encrypted && session->local.mac ? session->local.mac->etm : 0;
 +        etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;
         /* read/use a whole big chunk into a temporary area stored in
            the LIBSSH2_SESSION struct. We will decrypt data from that
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Tue Apr  2 16:48:26 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 - Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
  * Test the ETM feature in the remote end's configuration when
    receiving data. Upstream issue: #1331.
  * Add libssh2_org-ETM-remote.patch
 -------------------------------------------------------------------
 Fri Feb  9 14:55:47 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 - Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
  when configuring custom method list. [bsc#1218971, CVE-2023-48795]
  * The strict-kex extension is announced in the list of available
    KEX methods. However, when the default KEX method list is modified
    or replaced, the extension is not added back automatically.
  * Add libssh2_org-CVE-2023-48795-ext.patch
 -------------------------------------------------------------------
 Tue Dec 19 11:25:35 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@ -31,6 +31,10 @@ Source3:        libssh2_org.keyring
 Patch0:         libssh2-ocloexec.patch
 # PATCH-FIX-UPSTREAM bsc#1218127 CVE-2023-48795: Add 'strict KEX' to fix Terrapin Attack
 Patch1:         libssh2_org-CVE-2023-48795.patch
 # PATCH-FIX-SUSE bsc#1218971 Always add extension indicators to kex_algorithms
 Patch2:         libssh2_org-CVE-2023-48795-ext.patch
 # PATCH-FIX-UPSTREAM bsc#1221622 Test ETM feature in remote end's config when receiving data
 Patch3:         libssh2_org-ETM-remote.patch
 BuildRequires:  libtool
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig