libssh2_org/libssh2_org-ETM-remote.patch

From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001
From: Josef Cejka <jcejka@suse.com>
Date: Thu, 28 Mar 2024 23:38:47 +0100
Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)

We should check if encrypt-then-MAC feature is enabled in remote end's
configuration.

Fixes #1331
---
 src/transport.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/transport.c b/src/transport.c
index 531f5aa15a..af175d3fa1 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
                                    make the checks below work fine still */
         }
 
-        etm = encrypted && session->local.mac ? session->local.mac->etm : 0;
+        etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;
 
         /* read/use a whole big chunk into a temporary area stored in
            the LIBSSH2_SESSION struct. We will decrypt data from that
- Update to 1.11.1: * build: enable '-pedantic-errors' * build: add 'LIBSSH2_NO_DEPRECATED' option * build: stop requiring libssl from openssl * disable DSA by default * hostkey: do not advertise ssh-rsa when SHA1 is disabled * kex: prevent possible double free of hostkey * kex: always check for null pointers before calling _libssh2_bn_set_word * kex: fix a memory leak in key exchange * kex: always add extension indicators to kex_algorithms * md5: allow disabling old-style encrypted private keys at build-time * openssl: free allocated resources when using openssl3 * openssl: fix memory leaks in '_libssh2_ecdsa_curve_name_with_octal_new' and '_libssh2_ecdsa_verify' * openssl: fix calculating DSA public key with OpenSSL 3 * openssl: initialize BIGNUMs to NULL in 'gen_publickey_from_dsa' for OpenSSL 3 * openssl: fix cppcheck found NULL dereferences * openssl: delete internal 'read_openssh_private_key_from_memory()' * openssl: use OpenSSL 3 HMAC API, add 'no-deprecated' CI job * openssl: make a function static, add '#ifdef' comments * openssl: fix DSA code to use OpenSSL 3 API * openssl: fix 'EC_KEY' reference with OpenSSL 3 'no-deprecated' build * openssl: use non-deprecated APIs with OpenSSL 3.x * openssl: silence '-Wunused-value' warnings * openssl: add missing check for 'LIBRESSL_VERSION_NUMBER' before use * packet: properly bounds check packet_authagent_open() * pem: fix private keys encrypted with AES-GCM methods * reuse: provide SPDX identifiers * scp: fix missing cast for targets without large file support * session: support server banners up to 8192 bytes OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=79 2024-11-13 08:54:33 +00:00			`From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001`
			`From: Josef Cejka <jcejka@suse.com>`
			`Date: Thu, 28 Mar 2024 23:38:47 +0100`
			`Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)`

			`We should check if encrypt-then-MAC feature is enabled in remote end's`
			`configuration.`

			`Fixes #1331`
			`---`
			`src/transport.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/src/transport.c b/src/transport.c`
			`index 531f5aa15a..af175d3fa1 100644`
			`--- a/src/transport.c`
			`+++ b/src/transport.c`
			`@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)`
			`make the checks below work fine still */`
			`}`

			`- etm = encrypted && session->local.mac ? session->local.mac->etm : 0;`
			`+ etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;`

			`/* read/use a whole big chunk into a temporary area stored in`
			`the LIBSSH2_SESSION struct. We will decrypt data from that`