* [Buildroot] [PATCH] package/libssh2: security bump to latest git
@ 2019-03-20 21:18 Peter Korsgaard
2019-03-20 23:01 ` Arnout Vandecappelle
2019-03-27 21:49 ` Peter Korsgaard
0 siblings, 2 replies; 5+ messages in thread
From: Peter Korsgaard @ 2019-03-20 21:18 UTC (permalink / raw)
To: buildroot
Bump the version to latest git to fix the following security issues:
CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
URL: https://www.libssh2.org/CVE-2019-3855.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
URL: https://www.libssh2.org/CVE-2019-3856.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
URL: https://www.libssh2.org/CVE-2019-3857.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
URL: https://www.libssh2.org/CVE-2019-3858.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
URL: https://www.libssh2.org/CVE-2019-3859.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
URL: https://www.libssh2.org/CVE-2019-3860.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
URL: https://www.libssh2.org/CVE-2019-3861.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
CVE-2019-3862
Out-of-bounds memory comparison
URL: https://www.libssh2.org/CVE-2019-3862.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
URL: https://www.libssh2.org/CVE-2019-3863.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
is now upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-dereferencing-ambiguity-potentially-caus.patch | 51 ----------------------
package/libssh2/libssh2.hash | 2 +-
package/libssh2/libssh2.mk | 2 +-
3 files changed, 2 insertions(+), 53 deletions(-)
delete mode 100644 package/libssh2/0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch
diff --git a/package/libssh2/0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch b/package/libssh2/0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch
deleted file mode 100644
index 44eed2bac4..0000000000
--- a/package/libssh2/0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 28fe5e4de437f8fce6e428b7db9bc8640cda4c61 Mon Sep 17 00:00:00 2001
-From: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Date: Thu, 13 Sep 2018 09:51:35 +0200
-Subject: [PATCH] openssl: fix dereferencing ambiguity potentially causing
- build failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When dereferencing from *aes_ctr_cipher, being a pointer itself,
-ambiguity can occur with compiler and build can fail reporting:
-openssl.c:574:20: error: ?*aes_ctr_cipher? is a pointer; did you mean to use ?->??
- *aes_ctr_cipher->nid = type;
-
-Sorround every *aes_ctr_cipher-> occurence with paranthesis like this
-(*aes_ctr_cipher)->
-
-Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
-Upstream: https://github.com/libssh2/libssh2/commit/b5b6673c2823a18753a14571a6c01bde33fa3a8b
----
- src/openssl.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/openssl.c b/src/openssl.c
-index 678d5de..c26aaec 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -571,13 +571,13 @@ make_ctr_evp (size_t keylen, EVP_CIPHER **aes_ctr_cipher, int type)
- EVP_CIPHER_meth_set_cleanup(*aes_ctr_cipher, aes_ctr_cleanup);
- }
- #else
-- *aes_ctr_cipher->nid = type;
-- *aes_ctr_cipher->block_size = 16;
-- *aes_ctr_cipher->key_len = keylen;
-- *aes_ctr_cipher->iv_len = 16;
-- *aes_ctr_cipher->init = aes_ctr_init;
-- *aes_ctr_cipher->do_cipher = aes_ctr_do_cipher;
-- *aes_ctr_cipher->cleanup = aes_ctr_cleanup;
-+ (*aes_ctr_cipher)->nid = type;
-+ (*aes_ctr_cipher)->block_size = 16;
-+ (*aes_ctr_cipher)->key_len = keylen;
-+ (*aes_ctr_cipher)->iv_len = 16;
-+ (*aes_ctr_cipher)->init = aes_ctr_init;
-+ (*aes_ctr_cipher)->do_cipher = aes_ctr_do_cipher;
-+ (*aes_ctr_cipher)->cleanup = aes_ctr_cleanup;
- #endif
-
- return *aes_ctr_cipher;
---
-2.17.1
-
diff --git a/package/libssh2/libssh2.hash b/package/libssh2/libssh2.hash
index d57c8d7062..c4732a2c07 100644
--- a/package/libssh2/libssh2.hash
+++ b/package/libssh2/libssh2.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 ec2b32b44ae5f8fe094f663f63953fb31314de838eb36e8c47e5a89137b5a1bc libssh2-8b870ad771cbd9cd29edbb3dbb0878e950f868ab.tar.gz
+sha256 468e7a81a8121c06cb099eef2e17106b0b8c2e1d890b1c0e34e1951f182babb1 libssh2-1b3cbaff518f32e5b70650d4b7b52361b1410d37.tar.gz
sha256 e15ed284a15e80115467d6d7f030f0d89d8fabbecd78fb6e0f861f0cfc128fd9 COPYING
diff --git a/package/libssh2/libssh2.mk b/package/libssh2/libssh2.mk
index 89cb733224..ed0dd40bec 100644
--- a/package/libssh2/libssh2.mk
+++ b/package/libssh2/libssh2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBSSH2_VERSION = 8b870ad771cbd9cd29edbb3dbb0878e950f868ab
+LIBSSH2_VERSION = 1b3cbaff518f32e5b70650d4b7b52361b1410d37
LIBSSH2_SITE = $(call github,libssh2,libssh2,$(LIBSSH2_VERSION))
LIBSSH2_LICENSE = BSD
LIBSSH2_LICENSE_FILES = COPYING
--
2.11.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] package/libssh2: security bump to latest git
2019-03-20 21:18 [Buildroot] [PATCH] package/libssh2: security bump to latest git Peter Korsgaard
@ 2019-03-20 23:01 ` Arnout Vandecappelle
2019-03-25 17:33 ` Matthew Weber
2019-03-27 21:49 ` Peter Korsgaard
1 sibling, 1 reply; 5+ messages in thread
From: Arnout Vandecappelle @ 2019-03-20 23:01 UTC (permalink / raw)
To: buildroot
On 20/03/2019 22:18, Peter Korsgaard wrote:
> Bump the version to latest git to fix the following security issues:
[snip]
>
> Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
> is now upstream.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applied to master, thanks.
Regards,
Arnout
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] package/libssh2: security bump to latest git
2019-03-20 23:01 ` Arnout Vandecappelle
@ 2019-03-25 17:33 ` Matthew Weber
2019-03-25 19:26 ` Peter Korsgaard
0 siblings, 1 reply; 5+ messages in thread
From: Matthew Weber @ 2019-03-25 17:33 UTC (permalink / raw)
To: buildroot
Arnout / Peter,
On Wed, Mar 20, 2019 at 6:02 PM Arnout Vandecappelle <arnout@mind.be> wrote:
>
>
>
> On 20/03/2019 22:18, Peter Korsgaard wrote:
> > Bump the version to latest git to fix the following security issues:
I didn't check the version details but wondered if we were based off
of 1.8.x or latest? I noticed they just dropped a 1.8.1 last week and
a 1.9 is pending
(https://www.libssh2.org/mail/libssh2-devel-archive-2019-03/0023.shtml).
>
> [snip]
> >
> > Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
> > is now upstream.
> >
> > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>
> Applied to master, thanks.
>
> Regards,
> Arnout
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Matthew Weber | Pr. Software Engineer | Commercial Avionics
COLLINS AEROSPACE
400 Collins Road NE, Cedar Rapids, Iowa 52498, USA
Tel: +1 319 295 7349 | FAX: +1 319 263 6099
matthew.weber at collins.com | collinsaerospace.com
CONFIDENTIALITY WARNING: This message may contain proprietary and/or
privileged information of Collins Aerospace and its affiliated
companies. If you are not the intended recipient, please 1) Do not
disclose, copy, distribute or use this message or its contents. 2)
Advise the sender by return email. 3) Delete all copies (including all
attachments) from your computer. Your cooperation is greatly
appreciated.
Any export restricted material should be shared using my
matthew.weber at corp.rockwellcollins.com address.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] package/libssh2: security bump to latest git
2019-03-25 17:33 ` Matthew Weber
@ 2019-03-25 19:26 ` Peter Korsgaard
0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2019-03-25 19:26 UTC (permalink / raw)
To: buildroot
>>>>> "Matthew" == Matthew Weber <matthew.weber@rockwellcollins.com> writes:
> Arnout / Peter,
> On Wed, Mar 20, 2019 at 6:02 PM Arnout Vandecappelle <arnout@mind.be> wrote:
>>
>>
>>
>> On 20/03/2019 22:18, Peter Korsgaard wrote:
>> > Bump the version to latest git to fix the following security issues:
> I didn't check the version details but wondered if we were based off
> of 1.8.x or latest? I noticed they just dropped a 1.8.1 last week and
> a 1.9 is pending
> (https://www.libssh2.org/mail/libssh2-devel-archive-2019-03/0023.shtml).
We were using a post-1.8.x git commit for a number of fixes, so going
back to 1.8.1 would have reverted those.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH] package/libssh2: security bump to latest git
2019-03-20 21:18 [Buildroot] [PATCH] package/libssh2: security bump to latest git Peter Korsgaard
2019-03-20 23:01 ` Arnout Vandecappelle
@ 2019-03-27 21:49 ` Peter Korsgaard
1 sibling, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2019-03-27 21:49 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Bump the version to latest git to fix the following security issues:
> CVE-2019-3855
> Possible integer overflow in transport read allows out-of-bounds write
> URL: https://www.libssh2.org/CVE-2019-3855.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
> CVE-2019-3856
> Possible integer overflow in keyboard interactive handling allows
> out-of-bounds write
> URL: https://www.libssh2.org/CVE-2019-3856.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
> CVE-2019-3857
> Possible integer overflow leading to zero-byte allocation and out-of-bounds
> write
> URL: https://www.libssh2.org/CVE-2019-3857.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
> CVE-2019-3858
> Possible zero-byte allocation leading to an out-of-bounds read
> URL: https://www.libssh2.org/CVE-2019-3858.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
> CVE-2019-3859
> Out-of-bounds reads with specially crafted payloads due to unchecked use of
> `_libssh2_packet_require` and `_libssh2_packet_requirev`
> URL: https://www.libssh2.org/CVE-2019-3859.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
> CVE-2019-3860
> Out-of-bounds reads with specially crafted SFTP packets
> URL: https://www.libssh2.org/CVE-2019-3860.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
> CVE-2019-3861
> Out-of-bounds reads with specially crafted SSH packets
> URL: https://www.libssh2.org/CVE-2019-3861.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
> CVE-2019-3862
> Out-of-bounds memory comparison
> URL: https://www.libssh2.org/CVE-2019-3862.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
> CVE-2019-3863
> Integer overflow in user authenicate keyboard interactive allows
> out-of-bounds writes
> URL: https://www.libssh2.org/CVE-2019-3863.html
> Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
> Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
> is now upstream.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2018.02.x, 2018.11.x and 2019.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-03-27 21:49 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-20 21:18 [Buildroot] [PATCH] package/libssh2: security bump to latest git Peter Korsgaard
2019-03-20 23:01 ` Arnout Vandecappelle
2019-03-25 17:33 ` Matthew Weber
2019-03-25 19:26 ` Peter Korsgaard
2019-03-27 21:49 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.