diff options
author | Leo Famulari <leo@famulari.name> | 2016-02-24 15:57:31 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-02-24 16:32:09 -0500 |
commit | 85267efb2ab6d274d6193928efaee10f97895134 (patch) | |
tree | 316ad5db634aca86f483d9a29d58b7f7e6979f21 /gnu/packages/patches | |
parent | 78d80c5c6ae971a715f03465030d3b0de24a1a96 (diff) | |
download | guix-85267efb2ab6d274d6193928efaee10f97895134.tar.gz |
gnu: libssh: Update to 0.7.3 [fixes CVE-2016-0739].
* gnu/packages/patches/libssh-CVE-2014-0017.patch: Delete file. * gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch: New file. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/ssh.scm (libssh): Update to 0.7.3. (libssh-0.5): Rename to... (libssh-0.6): ... this. Update to 0.6.5. [source]: Add patch for CVE-2016-0739. (guile-ssh)[inputs]: Use libssh-0.6. Modified-By: Mark H Weaver <mhw@netris.org>
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch | 77 | ||||
-rw-r--r-- | gnu/packages/patches/libssh-CVE-2014-0017.patch | 89 |
2 files changed, 77 insertions, 89 deletions
diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch new file mode 100644 index 0000000000..a5fdd7ffff --- /dev/null +++ b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch @@ -0,0 +1,77 @@ +Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in +dh_generate_x() and dh_generate_y()). + +"Due to a byte/bit confusion, the DH secret was too short. This file was +completely reworked and will be commited in a future version." +Source: +https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86 + +This patch was created by upstream for libssh-0.7.3, but applied without +modification to libssh-0.6.3 by Debian. In Guix, we apply it without +modification to libssh-0.6.5. + +References: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739 +https://security-tracker.debian.org/tracker/CVE-2016-0739 + +--- + src/dh.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/src/dh.c b/src/dh.c +index e489a1d..d27b66e 100644 +--- a/src/dh.c ++++ b/src/dh.c +@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) { + } + + int dh_generate_x(ssh_session session) { ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } + session->next_crypto->x = bignum_new(); + if (session->next_crypto->x == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->x, 128); ++ bignum_rand(session->next_crypto->x, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->x, 128, 0, -1); ++ bignum_rand(session->next_crypto->x, keysize, -1, 0); + #endif + + /* not harder than this */ +@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) { + + /* used by server */ + int dh_generate_y(ssh_session session) { +- session->next_crypto->y = bignum_new(); ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } ++ session->next_crypto->y = bignum_new(); + if (session->next_crypto->y == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->y, 128); ++ bignum_rand(session->next_crypto->y, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->y, 128, 0, -1); ++ bignum_rand(session->next_crypto->y, keysize, -1, 0); + #endif + + /* not harder than this */ +-- +cgit v0.12 + diff --git a/gnu/packages/patches/libssh-CVE-2014-0017.patch b/gnu/packages/patches/libssh-CVE-2014-0017.patch deleted file mode 100644 index 94d8cc33d2..0000000000 --- a/gnu/packages/patches/libssh-CVE-2014-0017.patch +++ /dev/null @@ -1,89 +0,0 @@ -Patch from libssh 0.6, with bind.c hunk adjusted for 0.5.5. - -From e99246246b4061f7e71463f8806b9dcad65affa0 Mon Sep 17 00:00:00 2001 -From: Aris Adamantiadis <aris@0xbadc0de.be> -Date: Wed, 05 Feb 2014 20:24:12 +0000 -Subject: security: fix for vulnerability CVE-2014-0017 - -When accepting a new connection, a forking server based on libssh forks -and the child process handles the request. The RAND_bytes() function of -openssl doesn't reset its state after the fork, but simply adds the -current process id (getpid) to the PRNG state, which is not guaranteed -to be unique. -This can cause several children to end up with same PRNG state which is -a security issue. ---- -diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h -index 7374a88..e8ff32c 100644 ---- a/include/libssh/wrapper.h -+++ b/include/libssh/wrapper.h -@@ -70,5 +70,6 @@ int crypt_set_algorithms_server(ssh_session session); - struct ssh_crypto_struct *crypto_new(void); - void crypto_free(struct ssh_crypto_struct *crypto); - -+void ssh_reseed(void); - - #endif /* WRAPPER_H_ */ -diff --git a/src/bind.c b/src/bind.c -index 8d82d0d..03d3403 100644 ---- a/src/bind.c -+++ b/src/bind.c -@@ -375,6 +375,8 @@ int ssh_bind_accept(ssh_bind sshbind, ss - session->dsa_key = dsa; - session->rsa_key = rsa; - -+ /* force PRNG to change state in case we fork after ssh_bind_accept */ -+ ssh_reseed(); - return SSH_OK; - } - -diff --git a/src/libcrypto.c b/src/libcrypto.c -index bb1d96a..d8cc795 100644 ---- a/src/libcrypto.c -+++ b/src/libcrypto.c -@@ -23,6 +23,7 @@ - #include <stdlib.h> - #include <stdio.h> - #include <string.h> -+#include <sys/time.h> - - #include "libssh/priv.h" - #include "libssh/session.h" -@@ -38,6 +39,8 @@ - #include <openssl/rsa.h> - #include <openssl/hmac.h> - #include <openssl/opensslv.h> -+#include <openssl/rand.h> -+ - #ifdef HAVE_OPENSSL_AES_H - #define HAS_AES - #include <openssl/aes.h> -@@ -74,6 +77,12 @@ static int alloc_key(struct ssh_cipher_struct *cipher) { - return 0; - } - -+void ssh_reseed(void){ -+ struct timeval tv; -+ gettimeofday(&tv, NULL); -+ RAND_add(&tv, sizeof(tv), 0.0); -+} -+ - SHACTX sha1_init(void) { - SHACTX c = malloc(sizeof(*c)); - if (c == NULL) { -diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index 899bccd..4617901 100644 ---- a/src/libgcrypt.c -+++ b/src/libgcrypt.c -@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) { - return 0; - } - -+void ssh_reseed(void){ -+ } -+ - SHACTX sha1_init(void) { - SHACTX ctx = NULL; - gcry_md_open(&ctx, GCRY_MD_SHA1, 0); --- -cgit v0.9.1 |