[OE-core] [PATCH 1/1] openssh: upgrade to 7.4p1
Dengke Du
dengke.du at windriver.com
Thu Jan 19 09:50:43 UTC 2017
Signed-off-by: Dengke Du <dengke.du at windriver.com>
---
.../openssh/add-test-support-for-busybox.patch | 69 ----------------------
.../openssh/openssh/fix-CVE-2016-8858.patch | 39 ------------
...ial-signed-overflow-in-pointer-arithmatic.patch | 67 ++++++++++-----------
...h-7.1p1-conditional-compile-des-in-cipher.patch | 39 ++++++------
...h-7.1p1-conditional-compile-des-in-pkcs11.patch | 12 ++--
.../openssh/{openssh_7.3p1.bb => openssh_7.4p1.bb} | 6 +-
6 files changed, 62 insertions(+), 170 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
delete mode 100644 meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch
rename meta/recipes-connectivity/openssh/{openssh_7.3p1.bb => openssh_7.4p1.bb} (96%)
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
deleted file mode 100644
index adc25c6..0000000
--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Adjust test cases to work with busybox.
-
-- Replace dd parameter "obs" with "bs".
-- Replace "head -<num>" with "head -n <num>".
-
-Signed-off-by: Maxin B. John <maxin.john at enea.com>
-Upstream-Status: Pending
-
-Index: openssh-6.8p1/regress/cipher-speed.sh
-===================================================================
---- openssh-6.8p1.orig/regress/cipher-speed.sh
-+++ openssh-6.8p1/regress/cipher-speed.sh
-@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
- printf "%-60s" "$c/$m:"
- ( ${SSH} -o 'compression no' \
- -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
-- exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
- < ${DATA} ) 2>&1 | getbytes
-
- if [ $? -ne 0 ]; then
-@@ -42,7 +42,7 @@ for c in $ciphers; do
- printf "%-60s" "$c:"
- ( ${SSH} -o 'compression no' \
- -F $OBJ/ssh_proxy -1 -c $c somehost \
-- exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
- < ${DATA} ) 2>&1 | getbytes
- if [ $? -ne 0 ]; then
- fail "ssh -1 failed with cipher $c"
-Index: openssh-6.8p1/regress/transfer.sh
-===================================================================
---- openssh-6.8p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/transfer.sh
-@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
- for s in 10 100 1k 32k 64k 128k 256k; do
- trace "proto $p dd-size ${s}"
- rm -f ${COPY}
-- dd if=$DATA obs=${s} 2> /dev/null | \
-+ dd if=$DATA bs=${s} 2> /dev/null | \
- ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh cat $DATA failed"
-Index: openssh-6.8p1/regress/yes-head.sh
-===================================================================
---- openssh-6.8p1.orig/regress/yes-head.sh
-+++ openssh-6.8p1/regress/yes-head.sh
-@@ -4,7 +4,7 @@
- tid="yes pipe head"
-
- for p in ${SSH_PROTOCOLS}; do
-- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
-+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
- if [ $? -ne 0 ]; then
- fail "yes|head test failed"
- lines = 0;
-Index: openssh-6.8p1/regress/key-options.sh
-===================================================================
---- openssh-6.8p1.orig/regress/key-options.sh
-+++ openssh-6.8p1/regress/key-options.sh
-@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do
- fi
-
- sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
-- from=`head -1 $authkeys | cut -f1 -d ' '`
-+ from=`head -n 1 $authkeys | cut -f1 -d ' '`
- verbose "key option proto $p $from"
- r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
- if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch b/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch
deleted file mode 100644
index b26ee81..0000000
--- a/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-8858 of openssh
-
-Backport patch from upstream and drop the change of comment which can NOT be applied.
-
-Upstream-Status: Backport [ https://anongit.mindrot.org/openssh.git/commit/?id=ec165c3 ]
-CVE: CVE-2016-8858
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
----
-From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001
-From: "markus at openbsd.org" <markus at openbsd.org>
-Date: Mon, 10 Oct 2016 19:28:48 +0000
-Subject: [PATCH] upstream commit
-
-Unregister the KEXINIT handler after message has been
-received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
-allocation of up to 128MB -- until the connection is closed. Reported by
-shilei-c at 360.cn
-
-Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
----
- kex.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/kex.c b/kex.c
-index 3f97f8c..6a94bc5 100644
---- a/kex.c
-+++ b/kex.c
-@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
- if (kex == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-
-+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
- ptr = sshpkt_ptr(ssh, &dlen);
- if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
- return r;
---
-2.10.1
-
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
index df64a14..594d948 100644
--- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -1,7 +1,7 @@
-From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
-From: Yuanjie Huang <yuanjie.huang at windriver.com>
-Date: Wed, 24 Aug 2016 03:15:43 +0000
-Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
+From d117e5e6179f289189fd39f70d4099e5f5d3da9e Mon Sep 17 00:00:00 2001
+From: Dengke Du <dengke.du at windriver.com>
+Date: Thu, 19 Jan 2017 03:56:39 -0500
+Subject: [PATCH 3/3] Fix potential signed overflow in pointer arithmatic
Pointer arithmatic results in implementation defined signed integer
type, so that 's - src' in strlcpy and others may trigger signed overflow.
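Review bot: The rebased header replaces the original `From:`/`Date:` of Yuanjie Huang with the rebaser's name and date, so the patch author in the file no longer matches the author who submitted it upstream (bugzilla 2608) and who still appears in the Signed-off-by; `git format-patch` after a plain rebase keeps the original author line, and that is what should be preserved here, with the rebaser added only as a Signed-off-by. The `[PATCH 3/3]` numbering is an artefact of the local series and is normally reduced to `[PATCH]` in a standalone patch file. The same rewritten author line and series numbering appear in the headers of the cipher patch (`[PATCH 1/3]`) and the pkcs11 patch (`[PATCH 2/3]`).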
@@ -11,14 +11,15 @@ would lead to program abort.
Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
Signed-off-by: Yuanjie Huang <yuanjie.huang at windriver.com>
+Signed-off-by: Dengke Du <dengke.du at windriver.com>
---
- openbsd-compat/strlcat.c | 8 ++++++--
- openbsd-compat/strlcpy.c | 8 ++++++--
- openbsd-compat/strnlen.c | 8 ++++++--
- 3 files changed, 18 insertions(+), 6 deletions(-)
+ openbsd-compat/strlcat.c | 8 +++++++-
+ openbsd-compat/strlcpy.c | 8 +++++++-
+ openbsd-compat/strnlen.c | 8 +++++++-
+ 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
-index bcc1b61..e758ebf 100644
+index bcc1b61..8694a0d 100644
--- a/openbsd-compat/strlcat.c
+++ b/openbsd-compat/strlcat.c
@@ -23,6 +23,7 @@
@@ -29,22 +30,22 @@ index bcc1b61..e758ebf 100644
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
-@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
- s++;
+@@ -56,7 +57,12 @@ strlcat(char *dst, const char *src, size_t siz)
}
*d = '\0';
--
+
- return(dlen + (s - src)); /* count does not include NUL */
+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */
++
}
#endif /* !HAVE_STRLCAT */
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
-index b4b1b60..b06f374 100644
+index b4b1b60..861006c 100644
--- a/openbsd-compat/strlcpy.c
+++ b/openbsd-compat/strlcpy.c
@@ -23,6 +23,7 @@
@@ -55,22 +56,22 @@ index b4b1b60..b06f374 100644
/*
* Copy src to string dst of size siz. At most siz-1 characters
-@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
- while (*s++)
+@@ -52,7 +53,12 @@ strlcpy(char *dst, const char *src, size_t siz)
;
}
--
+
- return(s - src - 1); /* count does not include NUL */
+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */
++
}
#endif /* !HAVE_STRLCPY */
diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
-index 93d5155..9b8de5d 100644
+index 93d5155..9344993 100644
--- a/openbsd-compat/strnlen.c
+++ b/openbsd-compat/strnlen.c
@@ -23,6 +23,7 @@
@@ -81,19 +82,19 @@ index 93d5155..9b8de5d 100644
size_t
strnlen(const char *str, size_t maxlen)
-@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
-
+@@ -32,6 +33,11 @@ strnlen(const char *str, size_t maxlen)
for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
;
--
+
- return (size_t)(cp - str);
+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return (size_t)((uintptr_t)cp - (uintptr_t)str);
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return (size_t)((uintptr_t)cp - (uintptr_t)str);
++
}
#endif
--
-1.9.1
+2.8.1
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
index 2773c14..1098b97 100644
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
@@ -1,18 +1,19 @@
-From d7eb26785ad4f25fb09fae46726ab8ca3fe16921 Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai at windriver.com>
-Date: Mon, 22 Aug 2016 14:11:16 +0300
-Subject: [PATCH] Remove des in cipher.
+From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001
+From: Dengke Du <dengke.du at windriver.com>
+Date: Thu, 19 Jan 2017 03:00:08 -0500
+Subject: [PATCH 1/3] Remove des in cipher.
Upstream-Status: Pending
Signed-off-by: Haiqing Bai <Haiqing.Bai at windriver.com>
Signed-off-by: Jussi Kukkonen <jussi.kukkonen at intel.com>
+Signed-off-by: Dengke Du <dengke.du at windriver.com>
---
cipher.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/cipher.c b/cipher.c
-index 031bda9..6cd667a 100644
+index 2def333..59f6792 100644
--- a/cipher.c
+++ b/cipher.c
@@ -53,8 +53,10 @@
@@ -25,8 +26,8 @@ index 031bda9..6cd667a 100644
+#endif /* OPENSSL_NO_DES */
#endif
- struct sshcipher {
-@@ -79,15 +81,19 @@ struct sshcipher {
+ struct sshcipher_ctx {
+@@ -88,15 +90,19 @@ struct sshcipher {
static const struct sshcipher ciphers[] = {
#ifdef WITH_SSH1
@@ -39,14 +40,14 @@ index 031bda9..6cd667a 100644
# endif /* OPENSSL_NO_BF */
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
- { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifndef OPENSSL_NO_DES
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+#endif /* OPENSSL_NO_DES */
# ifndef OPENSSL_NO_BF
{ "blowfish-cbc",
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-@@ -171,8 +177,10 @@ cipher_keylen(const struct sshcipher *c)
+@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c)
u_int
cipher_seclen(const struct sshcipher *c)
{
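Review bot: In the rebased ciphers[] hunk the `{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },` entry appears to move from before `#ifndef OPENSSL_NO_DES` to inside it (it is dropped as context and re-added after the `#ifndef` line), so an OpenSSL built without DES would also lose the "none" cipher, which has nothing to do with DES; the previous version of this patch only wrapped the `3des-cbc` entry. As far as I recall the packet layer looks the "none" cipher up by name when a session is set up, so this would break every connection rather than just disable a cipher — worth confirming. The `#ifndef OPENSSL_NO_DES` should sit between the `"none"` line and the `"3des-cbc"` line as before. Leading whitespace is collapsed in this rendering, so verify the line order in the actual patch file.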
@@ -57,7 +58,7 @@ index 031bda9..6cd667a 100644
return cipher_keylen(c);
}
-@@ -209,11 +217,13 @@ u_int
+@@ -230,11 +238,13 @@ u_int
cipher_mask_ssh1(int client)
{
u_int mask = 0;
@@ -71,7 +72,7 @@ index 031bda9..6cd667a 100644
return mask;
}
-@@ -553,7 +563,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
@@ -79,20 +80,20 @@ index 031bda9..6cd667a 100644
case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
if (evplen == 0)
-@@ -576,8 +588,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
break;
#endif
#ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
case SSH_CIPHER_3DES:
- return ssh1_3des_iv(&cc->evp, 0, iv, 24);
+ return ssh1_3des_iv(cc->evp, 0, iv, 24);
+#endif /* OPENSSL_NO_DES */
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;
-@@ -601,7 +615,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
@@ -100,19 +101,19 @@ index 031bda9..6cd667a 100644
case SSH_CIPHER_DES:
+#endif /* OPENSSL_NO_DES */
case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
if (evplen <= 0)
-@@ -616,8 +632,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
break;
#endif
#ifdef WITH_SSH1
+#ifndef OPENSSL_NO_DES
case SSH_CIPHER_3DES:
- return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
+ return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
+#endif /* OPENSSL_NO_DES */
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;
--
-2.1.4
+2.8.1
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
index 815af42..47dc73b 100644
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
@@ -1,12 +1,12 @@
-From 04cfd84423f693d879dc3ffebb0f6fe2680c254f Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai at windriver.com>
-Date: Fri, 18 Mar 2016 15:59:21 +0800
-Subject: [PATCH 3/3] remove des in pkcs11.
+From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001
+From: Dengke Du <dengke.du at windriver.com>
+Date: Thu, 19 Jan 2017 03:21:40 -0500
+Subject: [PATCH 2/3] remove des in pkcs11.
Upstream-Status: Pending
Signed-off-by: Haiqing Bai <Haiqing.Bai at windriver.com>
-
+Signed-off-by: Dengke Du <dengke.du at windriver.com>
---
pkcs11.h | 8 ++++++++
1 file changed, 8 insertions(+)
@@ -66,5 +66,5 @@ index b01d58f..98b36e6 100644
#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
#define CKM_PKCS5_PBKD2 (0x3b0)
--
-1.9.1
+2.8.1
diff --git a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
similarity index 96%
rename from meta/recipes-connectivity/openssh/openssh_7.3p1.bb
rename to meta/recipes-connectivity/openssh/openssh_7.4p1.bb
index 94eb0ed..7eafb83 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb
@@ -20,18 +20,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://sshd@.service \
file://sshdgenkeys.service \
file://volatiles.99_sshd \
- file://add-test-support-for-busybox.patch \
file://run-ptest \
file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
- file://fix-CVE-2016-8858.patch \
"
PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "dfadd9f035d38ce5d58a3bf130b86d08"
-SRC_URI[sha256sum] = "3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc"
+SRC_URI[md5sum] = "b2db2a83caf66a208bb78d6d287cdaa3"
+SRC_URI[sha256sum] = "1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1"
inherit useradd update-rc.d update-alternatives systemd
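Review bot: The hunk drops `file://fix-CVE-2016-8858.patch` from SRC_URI without the commit message saying why; the removed file was a backport of upstream commit ec165c3 (October 2016), so it is presumably contained in the 7.4p1 release, but that should be stated explicitly (e.g. `Drop fix-CVE-2016-8858.patch: included upstream in 7.4p1`) so that CVE tracking can follow where the fix went. It also removes `file://add-test-support-for-busybox.patch` while keeping `file://run-ptest`; unless the 7.4p1 regress scripts no longer use `dd obs=` and `head -<num>`, the ptest will fail again on a busybox-based image, and the reason for dropping that patch should be recorded as well.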
--
2.8.1