Merge pull request #7209 from ldir-EDB0/libssh

libssh: bump to 0.7.6 CVE-2018-10933 fix

libs/libssh/Makefile

@@ -11,17 +11,18 @@ PKG_LICENSE:=LGPL-2.1+ BSD-2-Clause
 PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
 
 PKG_NAME:=libssh
-PKG_VERSION:=0.7.5
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.6
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://red.libssh.org/attachments/download/218/
-PKG_HASH:=54e86dd5dc20e5367e58f3caab337ce37675f863f80df85b6b1614966a337095
+PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/
+PKG_HASH:=1d607d3859274f755942324afb0f887ee22edd157f9596a2e69e3a28ec6d1092
+
+PKG_CPE_ID:=cpe:/a:libssh:libssh
 
 CMAKE_INSTALL:=1
 
 PKG_BUILD_PARALLEL:=1
-PKG_INSTALL:=1
 PKG_USE_MIPS16:=0
 
 include $(INCLUDE_DIR)/package.mk
@@ -32,7 +33,7 @@ define Package/libssh
   CATEGORY:=Libraries
   URL:=$(PKG_SOURCE_URL)
   TITLE:=SSH library
-  DEPENDS:=+libpthread +librt +zlib +libopenssl @BROKEN
+  DEPENDS:=+libpthread +librt +zlib +libopenssl
 endef
 
 define Package/libssh/description
@@ -41,8 +42,6 @@ define Package/libssh/description
 endef
 
 CMAKE_OPTIONS = \
-	-DCMAKE_INSTALL_PREFIX:PATH=/usr \
-	-DCMAKE_BUILD_TYPE:STRING=Release \
 	-DHAVE_STRTOULL=1 \
 	-DHAVE_GETADDRINFO=1 \
 	-DHAVE_TERMIOS_H=1 \

libs/libssh/patches/0001-misc-Add-strndup-implementation-if-not-provides-by-t.patch

@@ -0,0 +1,83 @@
+From f81ca6161223e3566ce78a427571235fb6848fe9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 29 Aug 2018 18:41:15 +0200
+Subject: [PATCH 1/8] misc: Add strndup implementation if not provides by the
+ OS
+
+Fixes T112
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ ConfigureChecks.cmake |  1 +
+ config.h.cmake        |  3 +++
+ include/libssh/priv.h |  4 ++++
+ src/misc.c            | 21 +++++++++++++++++++++
+ 4 files changed, 29 insertions(+)
+
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -115,6 +115,7 @@ endif (NOT WITH_GCRYPT)
+ 
+ check_function_exists(isblank HAVE_ISBLANK)
+ check_function_exists(strncpy HAVE_STRNCPY)
++check_function_exists(strndup HAVE_STRNDUP)
+ check_function_exists(strtoull HAVE_STRTOULL)
+ 
+ if (NOT WIN32)
+--- a/config.h.cmake
++++ b/config.h.cmake
+@@ -103,6 +103,9 @@
+ /* Define to 1 if you have the `strncpy' function. */
+ #cmakedefine HAVE_STRNCPY 1
+ 
++/* Define to 1 if you have the `strndup' function. */
++#cmakedefine HAVE_STRNDUP 1
++
+ /* Define to 1 if you have the `cfmakeraw' function. */
+ #cmakedefine HAVE_CFMAKERAW 1
+ 
+--- a/include/libssh/priv.h
++++ b/include/libssh/priv.h
+@@ -43,6 +43,10 @@
+ # endif
+ #endif /* !defined(HAVE_STRTOULL) */
+ 
++#if !defined(HAVE_STRNDUP)
++char *strndup(const char *s, size_t n);
++#endif /* ! HAVE_STRNDUP */
++
+ #ifdef HAVE_BYTESWAP_H
+ #include <byteswap.h>
+ #endif
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -1028,6 +1028,27 @@ int ssh_match_group(const char *group, c
+     return 0;
+ }
+ 
++#if !defined(HAVE_STRNDUP)
++char *strndup(const char *s, size_t n)
++{
++    char *x = NULL;
++
++    if (n + 1 < n) {
++        return NULL;
++    }
++
++    x = malloc(n + 1);
++    if (x == NULL) {
++        return NULL;
++    }
++
++    memcpy(x, s, n);
++    x[n] = '\0';
++
++    return x;
++}
++#endif /* ! HAVE_STRNDUP */
++
+ /** @} */
+ 
+ /* vim: set ts=4 sw=4 et cindent: */

libs/libssh/patches/0002-packet-Add-missing-break-in-ssh_packet_incoming_filt.patch

@@ -0,0 +1,24 @@
+From e4c6d591df6a9c34c1ff3ec9f367c7257122bef3 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 17 Oct 2018 07:23:10 +0200
+Subject: [PATCH 2/8] packet: Add missing break in ssh_packet_incoming_filter()
+
+CID 1396239
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/packet.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -285,6 +285,7 @@ static enum ssh_packet_filter_result_e s
+             (session->dh_handshake_state != DH_STATE_FINISHED))
+         {
+             rc = SSH_PACKET_DENIED;
++            break;
+         }
+ 
+         rc = SSH_PACKET_ALLOWED;

libs/libssh/patches/0003-server-Set-correct-state-after-sending-INFO_REQUEST-.patch

@@ -0,0 +1,24 @@
+From 734e3ce6747a5ed120b93a1ff253b3fde5f20024 Mon Sep 17 00:00:00 2001
+From: Meng Tan <mtan@wallix.com>
+Date: Wed, 17 Oct 2018 14:50:08 +0200
+Subject: [PATCH 3/8] server: Set correct state after sending INFO_REQUEST (Kbd
+ Interactive)
+
+Signed-off-by: Meng Tan <mtan@wallix.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/server.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/server.c
++++ b/src/server.c
+@@ -976,6 +976,7 @@ int ssh_message_auth_interactive_request
+     msg->session->kbdint->prompts = NULL;
+     msg->session->kbdint->echo = NULL;
+   }
++  msg->session->auth.state = SSH_AUTH_STATE_INFO;
+ 
+   return rc;
+ }

libs/libssh/patches/0004-messages-Check-that-the-requested-service-is-ssh-con.patch

@@ -0,0 +1,37 @@
+From 3fe7510b261098e3937ab5417935916a46e6727b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Fri, 19 Oct 2018 11:40:44 +0200
+Subject: [PATCH 4/8] messages: Check that the requested service is
+ 'ssh-connection'
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/messages.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/src/messages.c
++++ b/src/messages.c
+@@ -649,6 +649,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
+   ssh_message msg = NULL;
+   char *service = NULL;
+   char *method = NULL;
++  int cmp;
+   int rc;
+ 
+   (void)user;
+@@ -675,6 +676,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
+       service, method,
+       msg->auth_request.username);
+ 
++  cmp = strcmp(service, "ssh-connection");
++  if (cmp != 0) {
++      SSH_LOG(SSH_LOG_WARNING,
++              "Invalid service request: %s",
++              service);
++      goto end;
++  }
+ 
+   if (strcmp(method, "none") == 0) {
+     msg->auth_request.method = SSH_AUTH_METHOD_NONE;

libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch

@@ -0,0 +1,72 @@
+From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 17 Oct 2018 17:32:54 +0200
+Subject: [PATCH 5/8] examples: Explicitly track auth state in
+ samplesshd-kbdint
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ examples/samplesshd-kbdint.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+--- a/examples/samplesshd-kbdint.c
++++ b/examples/samplesshd-kbdint.c
+@@ -23,6 +23,7 @@ clients must be made or how a client sho
+ #include <stdlib.h>
+ #include <string.h>
+ #include <stdio.h>
++#include <stdbool.h>
+ 
+ #define SSHD_USER "libssh"
+ #define SSHD_PASSWORD "libssh"
+@@ -36,6 +37,7 @@ clients must be made or how a client sho
+ #endif
+ 
+ static int port = 22;
++static bool authenticated = false;
+ 
+ #ifdef WITH_PCAP
+ static const char *pcap_file = "debug.server.pcap";
+@@ -61,11 +63,20 @@ static void cleanup_pcap(void) {
+ #endif
+ 
+ 
+-static int auth_password(const char *user, const char *password){
+-    if(strcmp(user, SSHD_USER))
++static int auth_password(const char *user, const char *password)
++{
++    int cmp;
++
++    cmp = strcmp(user, SSHD_USER);
++    if (cmp != 0) {
+         return 0;
+-    if(strcmp(password, SSHD_PASSWORD))
++    }
++    cmp = strcmp(password, SSHD_PASSWORD);
++    if (cmp != 0) {
+         return 0;
++    }
++
++    authenticated = true;
+     return 1; // authenticated
+ }
+ #ifdef HAVE_ARGP_H
+@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses
+         return 0;
+     }
+ 
++    authenticated = true;
+     return 1;
+ }
+ 
+@@ -328,7 +340,7 @@ int main(int argc, char **argv){
+ 
+     /* proceed to authentication */
+     auth = authenticate(session);
+-    if(!auth){
++    if (!auth || !authenticated) {
+         printf("Authentication error: %s\n", ssh_get_error(session));
+         ssh_disconnect(session);
+         return 1;

libs/libssh/patches/0006-server-Fix-compile-error.patch

@@ -0,0 +1,22 @@
+From 7ad80ba1cc48f7af1f192692d100a6255d97b843 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 24 Oct 2018 19:57:17 +0200
+Subject: [PATCH 6/8] server: Fix compile error
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/server.c
++++ b/src/server.c
+@@ -976,7 +976,7 @@ int ssh_message_auth_interactive_request
+     msg->session->kbdint->prompts = NULL;
+     msg->session->kbdint->echo = NULL;
+   }
+-  msg->session->auth.state = SSH_AUTH_STATE_INFO;
++  msg->session->auth_state = SSH_AUTH_STATE_INFO;
+ 
+   return rc;
+ }

libs/libssh/patches/0007-gssapi-Set-correct-state-after-sending-GSSAPI_RESPON.patch

@@ -0,0 +1,24 @@
+From 103973215443f6e02e010114a3f7ac19eb6f3c8c Mon Sep 17 00:00:00 2001
+From: Meng Tan <mtan@wallix.com>
+Date: Thu, 25 Oct 2018 17:06:06 +0200
+Subject: [PATCH 7/8] gssapi: Set correct state after sending GSSAPI_RESPONSE
+ (select mechanism OID)
+
+Signed-off-by: Meng Tan <mtan@wallix.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/gssapi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/gssapi.c
++++ b/src/gssapi.c
+@@ -120,6 +120,7 @@ static int ssh_gssapi_send_response(ssh_
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
++    session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN;
+ 
+     packet_send(session);
+     SSH_LOG(SSH_LOG_PACKET,

libs/libssh/patches/0008-libcrypto-Fix-memory-leak-in-evp_final.patch

@@ -0,0 +1,24 @@
+From 9d5cf209df4c260546e1468cc15fbbbfba3097c6 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Sat, 27 Oct 2018 22:15:56 +0200
+Subject: [PATCH 8/8] libcrypto: Fix memory leak in evp_final()
+
+Fixes T116
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b)
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/libcrypto.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -165,6 +165,7 @@ void evp_update(EVPCTX ctx, const void *
+ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+ {
+     EVP_DigestFinal(ctx, md, mdlen);
++    EVP_MD_CTX_free(ctx);
+ }
+ #endif
+ 

libs/libssh/patches/001-compile.patch

@@ -21,7 +21,7 @@
  
  set(PACKAGE ${APPLICATION_NAME})
  set(VERSION ${APPLICATION_VERSION})
-@@ -270,6 +269,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
+@@ -272,6 +271,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  
  # ENDIAN