aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2016-02-25 10:32:54 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-02-25 10:32:54 +0000
commit1ac4d544686cfe3f747f0239d54530c5cb71be88 (patch)
treef7976426936e0aebc63ec77b640bc727aa92445e
parent3ffde6161c4951006a14b23b6b89131114c846d4 (diff)
downloadaports-1ac4d544686cfe3f747f0239d54530c5cb71be88.tar.gz
aports-1ac4d544686cfe3f747f0239d54530c5cb71be88.tar.bz2
aports-1ac4d544686cfe3f747f0239d54530c5cb71be88.tar.xz
main/libssh2: security fix (CVE-2016-0787). Fixes #5179
-rw-r--r--main/libssh2/APKBUILD15
-rw-r--r--main/libssh2/CVE-2016-0787.patch32
2 files changed, 42 insertions, 5 deletions
diff --git a/main/libssh2/APKBUILD b/main/libssh2/APKBUILD
index fe7a710da3..8dd7fbc9ff 100644
--- a/main/libssh2/APKBUILD
+++ b/main/libssh2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libssh2
pkgver=1.6.0
-pkgrel=0
+pkgrel=1
pkgdesc="library for accessing ssh1/ssh2 protocol servers"
url="http://libssh2.org/"
arch="all"
@@ -12,7 +12,9 @@ depends_dev="openssl-dev zlib-dev"
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz"
+source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz
+ CVE-2016-0787.patch
+ "
_builddir="$srcdir"/libssh2-$pkgver
prepare() {
@@ -45,6 +47,9 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
-md5sums="00aabd6e714a5f42a4fb82ace20db1dd libssh2-1.6.0.tar.gz"
-sha256sums="5a202943a34a1d82a1c31f74094f2453c207bf9936093867f41414968c8e8215 libssh2-1.6.0.tar.gz"
-sha512sums="aa28bf782b5de1f09d1b85aa8b480069bf08494ed3505e59ed522799dd710905b8d3464b3447e35393764632d5e43d21990ceab9584a8df17abda4f85dfc2ec7 libssh2-1.6.0.tar.gz"
+md5sums="00aabd6e714a5f42a4fb82ace20db1dd libssh2-1.6.0.tar.gz
+c9b71c1590ee393df1c65a53602df8c8 CVE-2016-0787.patch"
+sha256sums="5a202943a34a1d82a1c31f74094f2453c207bf9936093867f41414968c8e8215 libssh2-1.6.0.tar.gz
+9635ff088a8e8cadc20e57a6dc991f4b8f1941c1aa719a319149943f030f2b97 CVE-2016-0787.patch"
+sha512sums="aa28bf782b5de1f09d1b85aa8b480069bf08494ed3505e59ed522799dd710905b8d3464b3447e35393764632d5e43d21990ceab9584a8df17abda4f85dfc2ec7 libssh2-1.6.0.tar.gz
+db215bbf379fa6c44c88d6e3fafc2e87ca06296399617a674a3e181f8b0db442146f3605e70c72b3d1cbd0363ff477bf07708c97cf22592d3929511f6c1172ba CVE-2016-0787.patch"
diff --git a/main/libssh2/CVE-2016-0787.patch b/main/libssh2/CVE-2016-0787.patch
new file mode 100644
index 0000000000..7b24f908fb
--- /dev/null
+++ b/main/libssh2/CVE-2016-0787.patch
@@ -0,0 +1,32 @@
+From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 11 Feb 2016 13:52:20 +0100
+Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits
+
+As otherwise we get far too small numbers.
+
+CVE-2016-0787
+---
+ src/kex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index 6349457..e89b36c 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -751,11 +751,11 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
+
+ /* Zero the whole thing out */
+ memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+ /* Generate x and e */
+- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+ _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+ exchange_state->ctx);
+
+ /* Send KEX init */
+ /* packet_type(1) + String Length(4) + leading 0(1) */
+--
+2.7.0
+