From 24b9d6f4881b4e41caf860f45878e3475150b3902f141824400d340bd48e5f44 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Tue, 2 Apr 2024 21:52:22 +0000
Subject: [PATCH] Accepting request 1164237 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
 * Test the ETM feature in the remote end's configuration when receiving data. Upstream issue: #1331.
 * Add libssh2_org-ETM-remote.patch
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795]
 * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically.
 * Add libssh2_org-CVE-2023-48795-ext.patch
OBS-URL: https://build.opensuse.org/request/show/1164237
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=77
---
 libssh2_org-CVE-2023-48795-ext.patch | 65 ++++++++++++++++++++++++++++
 libssh2_org-ETM-remote.patch | 26 +++++++++++
 libssh2_org.changes | 18 ++++++++
 libssh2_org.spec | 12 ++---
 4 files changed, 116 insertions(+), 5 deletions(-)
 create mode 100644 libssh2_org-CVE-2023-48795-ext.patch
 create mode 100644 libssh2_org-ETM-remote.patch
diff --git a/libssh2_org-CVE-2023-48795-ext.patch b/libssh2_org-CVE-2023-48795-ext.patch
new file mode 100644
index 0000000..272a9af
--- /dev/null
+++ b/libssh2_org-CVE-2023-48795-ext.patch
@@ -0,0 +1,65 @@
+From 59786b186d4de8fd6cd5aeebedbce2362a849566 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Josef=20=C4=8Cejka?=
+Date: Tue, 6 Feb 2024 15:14:29 +0100
+Subject: [PATCH] Always add extension indicators to kex_algorithms
+
+KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
+are in default kex method list but they were lost
+after configuring custom kex method list in libssh2_session_method_pref().
+---
+ src/kex.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/kex.c b/src/kex.c
+index 8c65a0fe..1d1dadfa 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -4027,13 +4027,25 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ const char *prefs)
+ {
+ char **prefvar, *s, *newprefs;
++ char *tmpprefs = NULL;
+ size_t prefs_len = strlen(prefs);
+ const LIBSSH2_COMMON_METHOD **mlist;
++ const char *kex_extensions = "ext-info-c,kex-strict-c-v00@openssh.com,";
++ size_t kex_extensions_len = strlen(kex_extensions);
+ 
+ switch(method_type) {
+ case LIBSSH2_METHOD_KEX:
+ prefvar = &session->kex_prefs;
+ mlist = (const LIBSSH2_COMMON_METHOD **)libssh2_kex_methods;
++ tmpprefs = LIBSSH2_ALLOC(session, kex_extensions_len + prefs_len + 1);
++ if(!tmpprefs) {
++ return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
++ "Error allocated space for kex method preferences");
++ }
++ memcpy(tmpprefs, kex_extensions, kex_extensions_len);
++ memcpy(tmpprefs + kex_extensions_len, prefs, prefs_len + 1);
++ prefs = tmpprefs;
++ prefs_len = strlen(prefs);
+ break;
+ 
+ case LIBSSH2_METHOD_HOSTKEY:
+@@ -4093,6 +4105,9 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ 
+ s = newprefs = LIBSSH2_ALLOC(session, prefs_len + 1);
+ if(!newprefs) {
++ if (tmpprefs) {
++ LIBSSH2_FREE(session, tmpprefs);
++ }
+ return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+ "Error allocated space for method preferences");
+ }
+@@ -4121,6 +4136,10 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ }
+ }
+ 
++ if (tmpprefs) {
++ LIBSSH2_FREE(session, tmpprefs);
++ }
++
+ if(!*newprefs) {
+ LIBSSH2_FREE(session, newprefs);
+ return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+-- 
+2.26.2
diff --git a/libssh2_org-ETM-remote.patch b/libssh2_org-ETM-remote.patch
new file mode 100644
index 0000000..31a0a6e
--- /dev/null
+++ b/libssh2_org-ETM-remote.patch
@@ -0,0 +1,26 @@
+From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001
+From: Josef Cejka
+Date: Thu, 28 Mar 2024 23:38:47 +0100
+Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)
+
+We should check if encrypt-then-MAC feature is enabled in remote end's
+configuration.
+
+Fixes #1331
+---
+ src/transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 531f5aa15a..af175d3fa1 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ make the checks below work fine still */
+ }
+ 
+- etm = encrypted && session->local.mac ? session->local.mac->etm : 0;
++ etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;
+ 
+ /* read/use a whole big chunk into a temporary area stored in
+ the LIBSSH2_SESSION struct. We will decrypt data from that
diff --git a/libssh2_org.changes b/libssh2_org.changes
index 032c9bf..f6f3864 100644
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
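Review bot: The two memcpy calls in the LIBSSH2_METHOD_KEX case prepend ext-info-c and kex-strict-c-v00@openssh.com unconditionally, so a caller that passes a list already containing them — the default list does, per the patch description — advertises both indicators twice in KEXINIT, and the filtering loop that follows (mostly outside the hunk) appears to strip only unsupported names, not duplicates. A guard such as `if(!strstr(prefs, "kex-strict-c-v00@openssh.com"))` before the allocation, or a dedupe pass, would keep the advertised list clean. `prefs_len = strlen(prefs);` rescans a value already known; `prefs_len += kex_extensions_len;` says the same thing, and the two `if (tmpprefs)` should be `if(tmpprefs)` to match the file's `if(!newprefs)` spacing. The reason for the prepend deserves a why-comment above the allocation, e.g. `/* Always advertise strict-kex and ext-info so a caller-supplied list cannot silently drop the CVE-2023-48795 mitigation. */`. libssh2_session_method_pref begins and ends outside the hunk.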
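Review bot: The corrected assignment picks the MAC of the side whose traffic is being read, but nothing at that line says why, and the old `local` form reads plausibly enough to be reintroduced; a comment such as `/* inbound packets carry the remote end's MAC, so its ETM flag decides the packet layout */` above the assignment would pin the intent. The send path is not in this hunk and presumably consults session->local.mac; it is worth a matching comment. _libssh2_transport_read continues on both sides of the hunk.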
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Apr 2 16:48:26 UTC 2024 - Pedro Monreal
+
+- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
+ * Test the ETM feature in the remote end's configuration when
+ receiving data. Upstream issue: #1331.
+ * Add libssh2_org-ETM-remote.patch
+
+-------------------------------------------------------------------
+Fri Feb 9 14:55:47 UTC 2024 - Pedro Monreal
+
+- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
+ when configuring custom method list. [bsc#1218971, CVE-2023-48795]
+ * The strict-kex extension is announced in the list of available
+ KEX methods. However, when the default KEX method list is modified
+ or replaced, the extension is not added back automatically.
+ * Add libssh2_org-CVE-2023-48795-ext.patch
+
 -------------------------------------------------------------------
 Tue Dec 19 11:25:35 UTC 2023 - Otto Hollmann
 
diff --git a/libssh2_org.spec b/libssh2_org.spec
index 94549b7..fe4aeb3 100644
--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libssh2_org
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,10 @@ Source3: libssh2_org.keyring
 Patch0: libssh2-ocloexec.patch
 # PATCH-FIX-UPSTREAM bsc#1218127 CVE-2023-48795: Add 'strict KEX' to fix Terrapin Attack
 Patch1: libssh2_org-CVE-2023-48795.patch
+# PATCH-FIX-SUSE bsc#1218971 Always add extension indicators to kex_algorithms
+Patch2: libssh2_org-CVE-2023-48795-ext.patch
+# PATCH-FIX-UPSTREAM bsc#1221622 Test ETM feature in remote end's config when receiving data
+Patch3: libssh2_org-ETM-remote.patch
 BuildRequires: libtool
 BuildRequires: openssl-devel
 BuildRequires: pkgconfig
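Review bot: Patch2 is tagged PATCH-FIX-SUSE while the patch file it names carries a git commit header (From 59786b18…, Josef Čejka) in the same shape as the PATCH-FIX-UPSTREAM Patch3; if that commit is upstream, the tag should say so and cite the upstream reference, as Patch1 and Patch3 do, so the next maintainer knows it can be dropped on rebase. The Patch2 comment also omits the CVE that the changes entry ties it to; `# PATCH-FIX-UPSTREAM bsc#1218971 CVE-2023-48795: Always add extension indicators to kex_algorithms` would keep the two files in step.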
@@ -83,10 +87,10 @@ export CFLAGS="%{optflags} -DOPENSSL_LOAD_CONF"
 --with-libssl-prefix=%{_prefix} \
 --with-libz=%{_prefix}
-make %{?_smp_mflags}
+%make_build
 %check
-make %{?_smp_mflags} check
+%make_build check
 %install
 %make_install
@@ -96,11 +100,9 @@ rm -f %{buildroot}%{_libdir}/*.la %{buildroot}%{_libdir}/*.a
 %postun -n libssh2-1 -p /sbin/ldconfig
 
 %files -n libssh2-1
-%defattr(-,root,root)
 %{_libdir}/libssh2.so.1*
 
 %files -n libssh2-devel
-%defattr(-,root,root)
 %doc NEWS docs/BINDINGS.md docs/HACKING.md docs/TODO
 %{_libdir}/libssh2.so
 %{_includedir}/*.h