summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-02-26 21:19:39 +0100
committerMarius Bakke <mbakke@fastmail.com>2017-02-26 21:41:21 +0100
commitb01a89854ba1bd22b94c2373662bc07d035be2c1 (patch)
tree964eec2935528571d5ffc6c1048ea6ec3a22b663 /gnu
parent9c66b885436e6d00c846f231e1077b5bb2ee2a43 (diff)
downloadguix-b01a89854ba1bd22b94c2373662bc07d035be2c1.tar.gz
gnu: Remove unused patch.
This is a followup to 6f9d5b2e8c861c3a1243937a26400f8394946346.

* gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch77
2 files changed, 0 insertions, 78 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 515b154b9a..0538601734 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -692,7 +692,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libmad-frame-length.patch		\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
   %D%/packages/patches/libpng-CVE-2016-10087.patch		\
-  %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch		\
   %D%/packages/patches/libtar-CVE-2013-4420.patch \
   %D%/packages/patches/libtheora-config-guess.patch		\
   %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
deleted file mode 100644
index a5fdd7ffff..0000000000
--- a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in
-dh_generate_x() and dh_generate_y()).
-
-"Due to a byte/bit confusion, the DH secret was too short. This file was
-completely reworked and will be commited in a future version."
-Source:
-https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86
-
-This patch was created by upstream for libssh-0.7.3, but applied without
-modification to libssh-0.6.3 by Debian. In Guix, we apply it without
-modification to libssh-0.6.5.
-
-References:
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
-https://security-tracker.debian.org/tracker/CVE-2016-0739
-
----
- src/dh.c | 22 +++++++++++++++++-----
- 1 file changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/src/dh.c b/src/dh.c
-index e489a1d..d27b66e 100644
---- a/src/dh.c
-+++ b/src/dh.c
-@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
- }
- 
- int dh_generate_x(ssh_session session) {
-+  int keysize;
-+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
-+    keysize = 1023;
-+  } else {
-+    keysize = 2047;
-+  }
-   session->next_crypto->x = bignum_new();
-   if (session->next_crypto->x == NULL) {
-     return -1;
-   }
- 
- #ifdef HAVE_LIBGCRYPT
--  bignum_rand(session->next_crypto->x, 128);
-+  bignum_rand(session->next_crypto->x, keysize);
- #elif defined HAVE_LIBCRYPTO
--  bignum_rand(session->next_crypto->x, 128, 0, -1);
-+  bignum_rand(session->next_crypto->x, keysize, -1, 0);
- #endif
- 
-   /* not harder than this */
-@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
- 
- /* used by server */
- int dh_generate_y(ssh_session session) {
--    session->next_crypto->y = bignum_new();
-+  int keysize;
-+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
-+    keysize = 1023;
-+  } else {
-+    keysize = 2047;
-+  }
-+  session->next_crypto->y = bignum_new();
-   if (session->next_crypto->y == NULL) {
-     return -1;
-   }
- 
- #ifdef HAVE_LIBGCRYPT
--  bignum_rand(session->next_crypto->y, 128);
-+  bignum_rand(session->next_crypto->y, keysize);
- #elif defined HAVE_LIBCRYPTO
--  bignum_rand(session->next_crypto->y, 128, 0, -1);
-+  bignum_rand(session->next_crypto->y, keysize, -1, 0);
- #endif
- 
-   /* not harder than this */
--- 
-cgit v0.12
-