Signed-off-by: Dengke Du <[email protected]> --- .../openssh/add-test-support-for-busybox.patch | 69 ---------------------- .../openssh/openssh/fix-CVE-2016-8858.patch | 39 ------------ ...ial-signed-overflow-in-pointer-arithmatic.patch | 67 ++++++++++----------- ...h-7.1p1-conditional-compile-des-in-cipher.patch | 39 ++++++------ ...h-7.1p1-conditional-compile-des-in-pkcs11.patch | 12 ++-- .../openssh/{openssh_7.3p1.bb => openssh_7.4p1.bb} | 6 +- 6 files changed, 62 insertions(+), 170 deletions(-) delete mode 100644 meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch delete mode 100644 meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch rename meta/recipes-connectivity/openssh/{openssh_7.3p1.bb => openssh_7.4p1.bb} (96%)
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch deleted file mode 100644 index adc25c6..0000000 --- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch +++ /dev/null @@ -1,69 +0,0 @@ -Adjust test cases to work with busybox. - -- Replace dd parameter "obs" with "bs". -- Replace "head -<num>" with "head -n <num>". - -Signed-off-by: Maxin B. John <[email protected]> -Upstream-Status: Pending - -Index: openssh-6.8p1/regress/cipher-speed.sh -=================================================================== ---- openssh-6.8p1.orig/regress/cipher-speed.sh -+++ openssh-6.8p1/regress/cipher-speed.sh -@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for - printf "%-60s" "$c/$m:" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ -- exec sh -c \'"dd of=/dev/null obs=32k"\' \ -+ exec sh -c \'"dd of=/dev/null bs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - - if [ $? -ne 0 ]; then -@@ -42,7 +42,7 @@ for c in $ciphers; do - printf "%-60s" "$c:" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -1 -c $c somehost \ -- exec sh -c \'"dd of=/dev/null obs=32k"\' \ -+ exec sh -c \'"dd of=/dev/null bs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - if [ $? -ne 0 ]; then - fail "ssh -1 failed with cipher $c" -Index: openssh-6.8p1/regress/transfer.sh -=================================================================== ---- openssh-6.8p1.orig/regress/transfer.sh -+++ openssh-6.8p1/regress/transfer.sh -@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do - for s in 10 100 1k 32k 64k 128k 256k; do - trace "proto $p dd-size ${s}" - rm -f ${COPY} -- dd if=$DATA obs=${s} 2> /dev/null | \ -+ dd if=$DATA bs=${s} 2> /dev/null | \ - ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" -Index: openssh-6.8p1/regress/yes-head.sh -=================================================================== ---- openssh-6.8p1.orig/regress/yes-head.sh -+++ openssh-6.8p1/regress/yes-head.sh -@@ -4,7 +4,7 @@ - tid="yes pipe head" - - for p in ${SSH_PROTOCOLS}; do -- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` -+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)` - if [ $? -ne 0 ]; then - fail "yes|head test failed" - lines = 0; -Index: openssh-6.8p1/regress/key-options.sh -=================================================================== ---- openssh-6.8p1.orig/regress/key-options.sh -+++ openssh-6.8p1/regress/key-options.sh -@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do - fi - - sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys -- from=`head -1 $authkeys | cut -f1 -d ' '` -+ from=`head -n 1 $authkeys | cut -f1 -d ' '` - verbose "key option proto $p $from" - r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` - if [ "$r" = "true" ]; then diff --git a/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch b/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch deleted file mode 100644 index b26ee81..0000000 --- a/meta/recipes-connectivity/openssh/openssh/fix-CVE-2016-8858.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-8858 of openssh - -Backport patch from upstream and drop the change of comment which can NOT be applied. - -Upstream-Status: Backport [ https://anongit.mindrot.org/openssh.git/commit/?id=ec165c3 ] -CVE: CVE-2016-8858 - -Signed-off-by: Kai Kang <[email protected]> ---- -From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001 -From: "[email protected]" <[email protected]> -Date: Mon, 10 Oct 2016 19:28:48 +0000 -Subject: [PATCH] upstream commit - -Unregister the KEXINIT handler after message has been -received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause -allocation of up to 128MB -- until the connection is closed. Reported by -shilei-c at 360.cn - -Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 ---- - kex.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/kex.c b/kex.c -index 3f97f8c..6a94bc5 100644 ---- a/kex.c -+++ b/kex.c -@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) - if (kex == NULL) - return SSH_ERR_INVALID_ARGUMENT; - -+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); - ptr = sshpkt_ptr(ssh, &dlen); - if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) - return r; --- -2.10.1 - diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch index df64a14..594d948 100644 --- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch +++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch @@ -1,7 +1,7 @@ -From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001 -From: Yuanjie Huang <[email protected]> -Date: Wed, 24 Aug 2016 03:15:43 +0000 -Subject: [PATCH] Fix potential signed overflow in pointer arithmatic +From d117e5e6179f289189fd39f70d4099e5f5d3da9e Mon Sep 17 00:00:00 2001 +From: Dengke Du <[email protected]> +Date: Thu, 19 Jan 2017 03:56:39 -0500 +Subject: [PATCH 3/3] Fix potential signed overflow in pointer arithmatic Pointer arithmatic results in implementation defined signed integer type, so that 's - src' in strlcpy and others may trigger signed overflow. @@ -11,14 +11,15 @@ would lead to program abort. Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608] Signed-off-by: Yuanjie Huang <[email protected]> +Signed-off-by: Dengke Du <[email protected]> --- - openbsd-compat/strlcat.c | 8 ++++++-- - openbsd-compat/strlcpy.c | 8 ++++++-- - openbsd-compat/strnlen.c | 8 ++++++-- - 3 files changed, 18 insertions(+), 6 deletions(-) + openbsd-compat/strlcat.c | 8 +++++++- + openbsd-compat/strlcpy.c | 8 +++++++- + openbsd-compat/strnlen.c | 8 +++++++- + 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c -index bcc1b61..e758ebf 100644 +index bcc1b61..8694a0d 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c @@ -23,6 +23,7 @@ @@ -29,22 +30,22 @@ index bcc1b61..e758ebf 100644 /* * Appends src to string dst of size siz (unlike strncat, siz is the -@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz) - s++; +@@ -56,7 +57,12 @@ strlcat(char *dst, const char *src, size_t siz) } *d = '\0'; -- + - return(dlen + (s - src)); /* count does not include NUL */ + /* -+ * Cast pointers to unsigned type before calculation, to avoid signed -+ * overflow when the string ends where the MSB has changed. -+ */ -+ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */ ++ * Cast pointers to unsigned type before calculation, to avoid signed ++ * overflow when the string ends where the MSB has changed. ++ */ ++ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */ ++ } #endif /* !HAVE_STRLCAT */ diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c -index b4b1b60..b06f374 100644 +index b4b1b60..861006c 100644 --- a/openbsd-compat/strlcpy.c +++ b/openbsd-compat/strlcpy.c @@ -23,6 +23,7 @@ @@ -55,22 +56,22 @@ index b4b1b60..b06f374 100644 /* * Copy src to string dst of size siz. At most siz-1 characters -@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz) - while (*s++) +@@ -52,7 +53,12 @@ strlcpy(char *dst, const char *src, size_t siz) ; } -- + - return(s - src - 1); /* count does not include NUL */ + /* -+ * Cast pointers to unsigned type before calculation, to avoid signed -+ * overflow when the string ends where the MSB has changed. -+ */ -+ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */ ++ * Cast pointers to unsigned type before calculation, to avoid signed ++ * overflow when the string ends where the MSB has changed. ++ */ ++ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */ ++ } #endif /* !HAVE_STRLCPY */ diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c -index 93d5155..9b8de5d 100644 +index 93d5155..9344993 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -23,6 +23,7 @@ @@ -81,19 +82,19 @@ index 93d5155..9b8de5d 100644 size_t strnlen(const char *str, size_t maxlen) -@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen) - +@@ -32,6 +33,11 @@ strnlen(const char *str, size_t maxlen) for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) ; -- + - return (size_t)(cp - str); + /* -+ * Cast pointers to unsigned type before calculation, to avoid signed -+ * overflow when the string ends where the MSB has changed. -+ */ -+ return (size_t)((uintptr_t)cp - (uintptr_t)str); ++ * Cast pointers to unsigned type before calculation, to avoid signed ++ * overflow when the string ends where the MSB has changed. ++ */ ++ return (size_t)((uintptr_t)cp - (uintptr_t)str); ++ } #endif -- -1.9.1 +2.8.1 diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch index 2773c14..1098b97 100644 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch +++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch @@ -1,18 +1,19 @@ -From d7eb26785ad4f25fb09fae46726ab8ca3fe16921 Mon Sep 17 00:00:00 2001 -From: Haiqing Bai <[email protected]> -Date: Mon, 22 Aug 2016 14:11:16 +0300 -Subject: [PATCH] Remove des in cipher. +From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001 +From: Dengke Du <[email protected]> +Date: Thu, 19 Jan 2017 03:00:08 -0500 +Subject: [PATCH 1/3] Remove des in cipher. Upstream-Status: Pending Signed-off-by: Haiqing Bai <[email protected]> Signed-off-by: Jussi Kukkonen <[email protected]> +Signed-off-by: Dengke Du <[email protected]> --- cipher.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/cipher.c b/cipher.c -index 031bda9..6cd667a 100644 +index 2def333..59f6792 100644 --- a/cipher.c +++ b/cipher.c @@ -53,8 +53,10 @@ @@ -25,8 +26,8 @@ index 031bda9..6cd667a 100644 +#endif /* OPENSSL_NO_DES */ #endif - struct sshcipher { -@@ -79,15 +81,19 @@ struct sshcipher { + struct sshcipher_ctx { +@@ -88,15 +90,19 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_SSH1 @@ -39,14 +40,14 @@ index 031bda9..6cd667a 100644 # endif /* OPENSSL_NO_BF */ #endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, +#ifndef OPENSSL_NO_DES + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, +#endif /* OPENSSL_NO_DES */ # ifndef OPENSSL_NO_BF { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, -@@ -171,8 +177,10 @@ cipher_keylen(const struct sshcipher *c) +@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c) u_int cipher_seclen(const struct sshcipher *c) { @@ -57,7 +58,7 @@ index 031bda9..6cd667a 100644 return cipher_keylen(c); } -@@ -209,11 +217,13 @@ u_int +@@ -230,11 +238,13 @@ u_int cipher_mask_ssh1(int client) { u_int mask = 0; @@ -71,7 +72,7 @@ index 031bda9..6cd667a 100644 return mask; } -@@ -553,7 +563,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) +@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) switch (c->number) { #ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: @@ -79,20 +80,20 @@ index 031bda9..6cd667a 100644 case SSH_CIPHER_DES: +#endif /* OPENSSL_NO_DES */ case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen == 0) -@@ -576,8 +588,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) +@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) break; #endif #ifdef WITH_SSH1 +#ifndef OPENSSL_NO_DES case SSH_CIPHER_3DES: - return ssh1_3des_iv(&cc->evp, 0, iv, 24); + return ssh1_3des_iv(cc->evp, 0, iv, 24); +#endif /* OPENSSL_NO_DES */ #endif default: return SSH_ERR_INVALID_ARGUMENT; -@@ -601,7 +615,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) +@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) switch (c->number) { #ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: @@ -100,19 +101,19 @@ index 031bda9..6cd667a 100644 case SSH_CIPHER_DES: +#endif /* OPENSSL_NO_DES */ case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen <= 0) -@@ -616,8 +632,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) +@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) break; #endif #ifdef WITH_SSH1 +#ifndef OPENSSL_NO_DES case SSH_CIPHER_3DES: - return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); + return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); +#endif /* OPENSSL_NO_DES */ #endif default: return SSH_ERR_INVALID_ARGUMENT; -- -2.1.4 +2.8.1 diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch index 815af42..47dc73b 100644 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch +++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch @@ -1,12 +1,12 @@ -From 04cfd84423f693d879dc3ffebb0f6fe2680c254f Mon Sep 17 00:00:00 2001 -From: Haiqing Bai <[email protected]> -Date: Fri, 18 Mar 2016 15:59:21 +0800 -Subject: [PATCH 3/3] remove des in pkcs11. +From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001 +From: Dengke Du <[email protected]> +Date: Thu, 19 Jan 2017 03:21:40 -0500 +Subject: [PATCH 2/3] remove des in pkcs11. Upstream-Status: Pending Signed-off-by: Haiqing Bai <[email protected]> - +Signed-off-by: Dengke Du <[email protected]> --- pkcs11.h | 8 ++++++++ 1 file changed, 8 insertions(+) @@ -66,5 +66,5 @@ index b01d58f..98b36e6 100644 #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) #define CKM_PKCS5_PBKD2 (0x3b0) -- -1.9.1 +2.8.1 diff --git a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb similarity index 96% rename from meta/recipes-connectivity/openssh/openssh_7.3p1.bb rename to meta/recipes-connectivity/openssh/openssh_7.4p1.bb index 94eb0ed..7eafb83 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.4p1.bb @@ -20,18 +20,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://[email protected] \ file://sshdgenkeys.service \ file://volatiles.99_sshd \ - file://add-test-support-for-busybox.patch \ file://run-ptest \ file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \ file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ - file://fix-CVE-2016-8858.patch \ " PAM_SRC_URI = "file://sshd" -SRC_URI[md5sum] = "dfadd9f035d38ce5d58a3bf130b86d08" -SRC_URI[sha256sum] = "3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc" +SRC_URI[md5sum] = "b2db2a83caf66a208bb78d6d287cdaa3" +SRC_URI[sha256sum] = "1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1" inherit useradd update-rc.d update-alternatives systemd -- 2.8.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
