diff options
-rw-r--r-- | community/libssh/APKBUILD | 8 | ||||
-rw-r--r-- | community/libssh/CVE-2020-16135.patch | 37 | ||||
-rw-r--r-- | main/libssh/CVE-2020-16135.patch | 37 |
3 files changed, 80 insertions, 2 deletions
diff --git a/community/libssh/APKBUILD b/community/libssh/APKBUILD index 11dc9f5590b..2df88c1ee3f 100644 --- a/community/libssh/APKBUILD +++ b/community/libssh/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libssh pkgver=0.9.4 -pkgrel=0 +pkgrel=1 pkgdesc="Library for accessing ssh client services through C libraries" url="https://www.libssh.org/" arch="all" @@ -12,9 +12,12 @@ makedepends="$depends_dev cmake doxygen" checkdepends="cmocka-dev" subpackages="$pkgname-dev" source="https://www.libssh.org/files/${pkgver%.*}/libssh-$pkgver.tar.xz + CVE-2020-16135.patch " # secfixes: +# 0.9.4-r1: +# - CVE-2020-16135 # 0.9.4-r0: # - CVE-2020-1730 # 0.9.3-r0: @@ -46,4 +49,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="38705c19c293ea5e6d286d22eb17021dbe58d88c1e647b699933aa0db9ca1174d43d1ff76c1a1b17bf2cc1a8297ec02f1a67dd9e969676dd69cf6fbdae9bc8d4 libssh-0.9.4.tar.xz" +sha512sums="38705c19c293ea5e6d286d22eb17021dbe58d88c1e647b699933aa0db9ca1174d43d1ff76c1a1b17bf2cc1a8297ec02f1a67dd9e969676dd69cf6fbdae9bc8d4 libssh-0.9.4.tar.xz +db6bc86b982f740b94cbbebd16985faf23fb084b6af38da1f4e1e6ce0783dd9bddd755347a553765d237c338b70f9d12b60a6f7b2b4ddf836dfbeb58005fbb0a CVE-2020-16135.patch" diff --git a/community/libssh/CVE-2020-16135.patch b/community/libssh/CVE-2020-16135.patch new file mode 100644 index 00000000000..eae466070c9 --- /dev/null +++ b/community/libssh/CVE-2020-16135.patch @@ -0,0 +1,37 @@ +From e631ebb3e2247dd25e9678e6827c20dc73b73238 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:04:09 +0200 +Subject: sftpserver: Add missing NULL check for ssh_buffer_new() + +Thanks to Ramin Farajpour Cami for spotting this. + +Fixes T232 + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> +Reviewed-by: Jakub Jelen <jjelen@redhat.com> +(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) +--- + src/sftpserver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index 5a2110e5..b639a2ce 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + + /* take a copy of the whole packet */ + msg->complete_message = ssh_buffer_new(); ++ if (msg->complete_message == NULL) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } ++ + ssh_buffer_add_data(msg->complete_message, + ssh_buffer_get(payload), + ssh_buffer_get_len(payload)); +-- +cgit v1.2.1 + diff --git a/main/libssh/CVE-2020-16135.patch b/main/libssh/CVE-2020-16135.patch new file mode 100644 index 00000000000..eae466070c9 --- /dev/null +++ b/main/libssh/CVE-2020-16135.patch @@ -0,0 +1,37 @@ +From e631ebb3e2247dd25e9678e6827c20dc73b73238 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:04:09 +0200 +Subject: sftpserver: Add missing NULL check for ssh_buffer_new() + +Thanks to Ramin Farajpour Cami for spotting this. + +Fixes T232 + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> +Reviewed-by: Jakub Jelen <jjelen@redhat.com> +(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) +--- + src/sftpserver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index 5a2110e5..b639a2ce 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + + /* take a copy of the whole packet */ + msg->complete_message = ssh_buffer_new(); ++ if (msg->complete_message == NULL) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } ++ + ssh_buffer_add_data(msg->complete_message, + ssh_buffer_get(payload), + ssh_buffer_get_len(payload)); +-- +cgit v1.2.1 + |