nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: libssh: Update to 0.7.6 [fixes CVE-2018-10933]. 

* gnu/packages/ssh.scm (libssh): Update to 0.7.6.
* gnu/packages/patches/libssh-hostname-parser-bug.patch: Adjust patch.
This commit is contained in:
Leo Famulari 2018-10-16 14:15:19 -04:00
parent 75b2afd953
commit eed00f93e8
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
2 changed files with 33 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
gnu/packages/patches/libssh-hostname-parser-bug.patch
View File

@ -1,31 +1,17 @@
Fix "Hostname" parsing in OpenSSH config files, as reported It does not handle the case for the unsupported opcode (-1)
at <https://red.libssh.org/issues/260>.
From: Niels Ole Salscheider <niels_ole@salscheider-online.de>
Date: Mon, 8 May 2017 17:36:13 +0200
Subject: [PATCH] Fix reading of the first parameter
This is a fixup for 7b8b5eb4eac314a3a29be812bef0264c6611f6e7.
Previously, it would return as long as the parameter was _not_ seen
before. It also did not handle the case for the unsupported opcode (-1)
which would cause a segfault when accessing the "seen" array. which would cause a segfault when accessing the "seen" array.
---
src/config.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/config.c b/src/config.c diff --git a/src/config.c b/src/config.c
index 7c03b27..238a655 100644 index c5313ec8..72e07639 100644
--- a/src/config.c --- a/src/config.c
+++ b/src/config.c +++ b/src/config.c
@@ -218,8 +218,9 @@ static int ssh_config_parse_line(ssh_session session, const char *line, @@ -218,7 +218,8 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
} }
opcode = ssh_config_get_opcode(keyword); opcode = ssh_config_get_opcode(keyword);
- if (*parsing == 1 && opcode != SOC_HOST) { - if (*parsing == 1 && opcode != SOC_HOST) {
- if (seen[opcode] == 0) {
+ if (*parsing == 1 && opcode != SOC_HOST && + if (*parsing == 1 && opcode != SOC_HOST &&
+ opcode > SOC_UNSUPPORTED && opcode < SOC_END) { + opcode > SOC_UNSUPPORTED && opcode < SOC_END) {
+ if (seen[opcode] == 1) { if (seen[opcode] != 0) {
return 0; return 0;
} }
seen[opcode] = 1;

62
gnu/packages/ssh.scm
View File

@ -65,40 +65,36 @@
#:use-module (srfi srfi-1)) #:use-module (srfi srfi-1))
(define-public libssh (define-public libssh
;; This commit from the 'v0-7' branch contains 7 memory-management-related (package
;; bug fixes that we'd rather have. (name "libssh")
(let ((commit "239d0f75b5f909174c2ef7fb08d23bcfa6b20ba0") (version "0.7.6")
(revision "0")) (source (origin
(package (method git-fetch)
(name "libssh") (uri (git-reference
(version (git-version "0.7.5" revision commit)) (url "https://git.libssh.org/projects/libssh.git")
(source (origin (commit (string-append "libssh-" version))))
(method git-fetch) (patches (search-patches "libssh-hostname-parser-bug.patch"))
(uri (git-reference (sha256
(url "https://git.libssh.org/projects/libssh.git") (base32
(commit commit))) "0slwqa36mhyb6brdv2jvb9fxp7rvsv3ziv67kaxx615jxn52l5pa"))
(sha256 (file-name (git-file-name name version))))
(base32 (build-system cmake-build-system)
"01w72w1jsgs9ilj3n1gp6qkmdxr9n74i5h2nipi3x1vzm7bv8na1")) (outputs '("out" "debug"))
(patches (search-patches "libssh-hostname-parser-bug.patch")) (arguments
(file-name (git-file-name name version)))) '(#:configure-flags '("-DWITH_GCRYPT=ON")
(build-system cmake-build-system)
(outputs '("out" "debug"))
(arguments
'(#:configure-flags '("-DWITH_GCRYPT=ON")
;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite. ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
#:tests? #f)) #:tests? #f))
(inputs `(("zlib" ,zlib) (inputs `(("zlib" ,zlib)
("libgcrypt" ,libgcrypt))) ("libgcrypt" ,libgcrypt)))
(synopsis "SSH client library") (synopsis "SSH client library")
(description (description
"libssh is a C library implementing the SSHv2 and SSHv1 protocol for "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
client and server implementations. With libssh, you can remotely execute and server implementations. With libssh, you can remotely execute programs,
programs, transfer files, and use a secure and transparent tunnel for your transfer files, and use a secure and transparent tunnel for your remote
remote applications.") applications.")
(home-page "https://www.libssh.org") (home-page "https://www.libssh.org")
(license license:lgpl2.1+)))) (license license:lgpl2.1+)))
(define-public libssh2 (define-public libssh2
(package (package