* [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4
@ 2023-12-20 8:54 vanusuri
2023-12-20 8:54 ` [meta-oe][kirkstone][PATCH v3 2/4] libssh: add ptest vanusuri
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: vanusuri @ 2023-12-20 8:54 UTC (permalink / raw)
To: openembedded-devel; +Cc: Vijay Anusuri
From: Vijay Anusuri <vanusuri@mvista.com>
ChangeLog:
https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4
Drop CVE-2020-16135.patch
Ref: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=4b7e4341327e867208bfc3d8ba1954af66641e60
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../libssh/libssh/CVE-2020-16135.patch | 44 -------------------
.../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++-----
2 files changed, 3 insertions(+), 57 deletions(-)
delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb => libssh_0.10.4.bb} (62%)
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
deleted file mode 100644
index 63b78688d..000000000
--- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:04:09 +0200
-Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
-
-Add a missing NULL check for the pointer returned by ssh_buffer_new() in
-sftpserver.c.
-
-Thanks to Ramin Farajpour Cami for spotting this.
-
-Fixes T232
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
-
-Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
-CVE: CVE-2020-16135
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/sftpserver.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index 1717aa417..1af8a0e76 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
-
- /* take a copy of the whole packet */
- msg->complete_message = ssh_buffer_new();
-+ if (msg->complete_message == NULL) {
-+ ssh_set_error_oom(session);
-+ sftp_client_message_free(msg);
-+ return NULL;
-+ }
-+
- ssh_buffer_add_data(msg->complete_message,
- ssh_buffer_get(payload),
- ssh_buffer_get_len(payload));
---
-2.25.1
-
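Review bot: the commit message says only "Drop CVE-2020-16135.patch" and gives no reason for deleting a CVE backport. State that the NULL check on msg->complete_message after ssh_buffer_new() in sftp_get_client_message() is already present at the new SRCREV, so the removal can be checked against the source and the CVE is not later reported as unpatched by mistake.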
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
similarity index 62%
rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb
rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb
index 061f13912..3a57a728a 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
@@ -6,10 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
DEPENDS = "zlib openssl"
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \
- file://CVE-2020-16135.patch \
- "
-SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10"
+SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
S = "${WORKDIR}/git"
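Review bot: the SRC_URI line moves from branch=stable-0.8 to branch=stable-0.10, and the commit message offers only a changelog link for that jump. For a [kirkstone] submission it should say whether anything beyond bug fixes comes with the new branch and why the upgrade is preferred to backporting, and it should name the release tag that SRCREV e8322817a9e5aaef0698d779ddd467a209a85d85 corresponds to.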
@@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \
-DWITH_PCAP=1 \
-DWITH_SFTP=1 \
-DWITH_ZLIB=1 \
- -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \
+ -DWITH_EXAMPLES=0 \
"
-do_configure:prepend () {
- # Disable building of examples
- sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/' ${S}/CMakeLists.txt \
- || bbfatal "Failed to disable examples"
-}
-
-TOOLCHAIN = "gcc"
-
BBCLASSEXTEND = "native nativesdk"
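Review bot: two removals in this hunk are unexplained: the -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} argument and TOOLCHAIN = "gcc". Only the sed on add_subdirectory(examples) has a visible replacement (-DWITH_EXAMPLES=0). Say in the commit message why the library suffix is no longer needed when baselib is not "lib", and whether the recipe has been built with a non-gcc toolchain now that the pin is gone.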
--
2.25.1
* [meta-oe][kirkstone][PATCH v3 2/4] libssh: add ptest
From: vanusuri @ 2023-12-20 8:54 UTC (permalink / raw)
To: openembedded-devel; +Cc: Vijay Anusuri, Yi Zhao
From: Vijay Anusuri <vanusuri@mvista.com>
Results:
$ ptest-runner libssh
START: ptest-runner
2023-03-16T02:56
BEGIN: /usr/lib/libssh/ptest
PASS: torture_bind_config
PASS: torture_buffer
PASS: torture_bytearray
PASS: torture_callbacks
PASS: torture_channel
PASS: torture_config
PASS: torture_crypto
PASS: torture_hashes
PASS: torture_init
PASS: torture_isipaddr
PASS: torture_keyfiles
PASS: torture_knownhosts_parsing
PASS: torture_list
PASS: torture_misc
PASS: torture_moduli
PASS: torture_options
PASS: torture_packet
PASS: torture_packet_filter
PASS: torture_pki
PASS: torture_pki_ecdsa
PASS: torture_pki_ed25519
PASS: torture_pki_rsa
PASS: torture_push_pop_dir
PASS: torture_rand
PASS: torture_session_keys
PASS: torture_temp_dir
PASS: torture_temp_file
PASS: torture_threads_buffer
PASS: torture_threads_crypto
PASS: torture_threads_init
PASS: torture_threads_pki_rsa
PASS: torture_tokens
DURATION: 24
END: /usr/lib/libssh/ptest
2023-03-16T02:56
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Ref: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=bf49bdea290ba8cf18f3fd6b47d1d71dfe499948
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
....txt-do-not-search-ssh-sshd-commands.patch | 38 +++++++++++++
.../recipes-support/libssh/libssh/run-ptest | 53 +++++++++++++++++++
.../recipes-support/libssh/libssh_0.10.4.bb | 21 ++++++--
3 files changed, 109 insertions(+), 3 deletions(-)
create mode 100644 meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
create mode 100644 meta-oe/recipes-support/libssh/libssh/run-ptest
diff --git a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
new file mode 100644
index 000000000..0c7f53029
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
@@ -0,0 +1,38 @@
+From d2525ba0bc7b11de12c54ea1a3d1eb862537136d Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 15 Mar 2023 16:51:58 +0800
+Subject: [PATCH] tests/CMakeLists.txt: do not search ssh/sshd commands on host
+
+It will search ssh/sshd commands on host when configure. Since they are
+not required by unittests, we can skip the search.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tests/CMakeLists.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 22a36f37..aa32ca2e 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -86,6 +86,7 @@ set(TEST_TARGET_LIBRARIES
+
+ add_subdirectory(unittests)
+
++if (CLIENT_TESTING OR SERVER_TESTING)
+ # OpenSSH Capabilities are required for all unit tests
+ find_program(SSH_EXECUTABLE NAMES ssh)
+ if (SSH_EXECUTABLE)
+@@ -293,6 +294,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
+
+ message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
+ endif ()
++endif ()
+
+ configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h)
+
+--
+2.25.1
+
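Review bot: the added if (CLIENT_TESTING OR SERVER_TESTING) opens directly above the comment "OpenSSH Capabilities are required for all unit tests", which contradicts the patch description's claim that ssh/sshd are not required by unittests; update that comment in the patch or address it in the description. The second hunk's header context shows that the wrapped region already contains an if (CLIENT_TESTING OR SERVER_TESTING), so the new endif () closes an outer guard with the same condition; a comment on the closing endif () would make the nesting clear, and the wrapped lines are left at their old indentation.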
diff --git a/meta-oe/recipes-support/libssh/libssh/run-ptest b/meta-oe/recipes-support/libssh/libssh/run-ptest
new file mode 100644
index 000000000..159994e9b
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/run-ptest
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Valid tests to run
+tests="torture_bind_config \
+ torture_buffer \
+ torture_bytearray \
+ torture_callbacks \
+ torture_channel \
+ torture_config \
+ torture_crypto \
+ torture_hashes \
+ torture_init \
+ torture_isipaddr \
+ torture_keyfiles \
+ torture_knownhosts_parsing \
+ torture_list \
+ torture_misc \
+ torture_moduli \
+ torture_options \
+ torture_packet \
+ torture_packet_filter \
+ torture_pki \
+ torture_pki_ecdsa \
+ torture_pki_ed25519 \
+ torture_pki_rsa \
+ torture_push_pop_dir \
+ torture_rand \
+ torture_session_keys \
+ torture_temp_dir \
+ torture_temp_file \
+ torture_threads_buffer \
+ torture_threads_crypto \
+ torture_threads_init \
+ torture_threads_pki_rsa \
+ torture_tokens \
+ "
+
+ptestdir=$(dirname "$(readlink -f "$0")")
+cd "$ptestdir"/tests || exit
+
+# Run specified tests
+for f in $tests
+do
+ if test -e ./"$f"; then
+ if ./"$f" > ./"$f".out 2> ./"$f".err; then
+ echo "PASS: $f"
+ else
+ echo "FAIL: $f"
+ fi
+ else
+ echo "SKIP: $f"
+ fi
+done
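Review bot: in the for loop each test's stdout and stderr are redirected to ./"$f".out and ./"$f".err inside the installed ptest directory, and the FAIL branch never shows them. On a read-only root filesystem the redirection itself fails, so every test would be reported as FAIL without having run, and on a writable one the failure reason stays in files the ptest log does not contain. Consider capturing to a temporary directory and printing the captured output when a test fails. The script also exits 0 whatever the results; say whether that is intended.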
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
index 3a57a728a..801644d95 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
@@ -6,16 +6,20 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
DEPENDS = "zlib openssl"
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10 \
+ file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
+ file://run-ptest \
+ "
SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
S = "${WORKDIR}/git"
-inherit cmake
+inherit cmake ptest
-PACKAGECONFIG ??= "gcrypt"
+PACKAGECONFIG ??= "gcrypt ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
PACKAGECONFIG[gssapi] = "-DWITH_GSSAPI=1, -DWITH_GSSAPI=0, krb5, "
PACKAGECONFIG[gcrypt] = "-DWITH_GCRYPT=1, -DWITH_GCRYPT=0, libgcrypt, "
+PACKAGECONFIG[tests] = "-DUNIT_TESTING=1, -DUNIT_TESTING=0, cmocka"
ARM_INSTRUCTION_SET:armv5 = "arm"
@@ -26,4 +30,15 @@ EXTRA_OECMAKE = " \
-DWITH_EXAMPLES=0 \
"
+do_compile:prepend () {
+ if [ ${PTEST_ENABLED} = "1" ]; then
+ sed -i -e 's|${B}|${PTEST_PATH}|g' ${B}/config.h
+ fi
+}
+
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/tests
+ cp -f ${B}/tests/unittests/torture_* ${D}${PTEST_PATH}/tests/
+}
+
BBCLASSEXTEND = "native nativesdk"
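Review bot: in do_compile:prepend the test [ ${PTEST_ENABLED} = "1" ] leaves the variable unquoted, so an empty PTEST_ENABLED expands to [ = "1" ] and the shell prints an error instead of evaluating to a clean false; write [ "${PTEST_ENABLED}" = "1" ]. The sed rewrites every occurrence of ${B} in ${B}/config.h, a header at the top of the build directory rather than under tests, so the description should say which definitions are being redirected to ${PTEST_PATH}. In do_install_ptest, cp -f ... torture_* copies whatever matches the glob in ${B}/tests/unittests, not only the test executables.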
--
2.25.1
* [meta-oe][kirkstone][PATCH v3 3/4] libssh: Fix build with clang16
From: vanusuri @ 2023-12-20 8:54 UTC (permalink / raw)
To: openembedded-devel; +Cc: Vijay Anusuri, Khem Raj
From: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ref: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=9323b287ef588f41c13f3520de85eb198f6eaf83
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
...prototype-of-des3_encrypt-des3_decry.patch | 46 +++++++++++++++++++
.../recipes-support/libssh/libssh_0.10.4.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
diff --git a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
new file mode 100644
index 000000000..19775fa52
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
@@ -0,0 +1,46 @@
+From 0cade4573334571055127a2d4fe3641e2397948d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 20 Mar 2023 21:59:19 -0700
+Subject: [PATCH] libgcrypt.c: Fix prototype of des3_encrypt/des3_decrypt
+
+This is to match the prototype for callback functions which are now emitted as
+errors by clang16
+
+Fixes
+
+TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/libssh/0.10.4-r0/git/src/libgcrypt.c:903:20: error: incompatible function pointer types initializing 'void (*)(struct ssh_cipher_struct *, void *, void *, size_t)' (aka 'void (*)(struct ssh_cipher_struct *, void *, void *, unsigned int)') with an expression of type 'void (struct ssh_cipher_struct *, void *, void *, unsigned long)' [-Wincompatible-function-pointer-types]
+ .encrypt = des3_encrypt,
+ ^~~~~~~~~~~~
+TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/libssh/0.10.4-r0/git/src/libgcrypt.c:904:20: error: incompatible function pointer types initializing 'void (*)(struct ssh_cipher_struct *, void *, void *, size_t)' (aka 'void (*)(struct ssh_cipher_struct *, void *, void *, unsigned int)') with an expression of type 'void (struct ssh_cipher_struct *, void *, void *, unsigned long)' [-Wincompatible-function-pointer-types]
+ .decrypt = des3_decrypt
+ ^~~~~~~~~~~~
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/libgcrypt.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index da5588ad..e482b654 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -469,12 +469,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
+ }
+
+ static void des3_encrypt(struct ssh_cipher_struct *cipher, void *in,
+- void *out, unsigned long len) {
++ void *out, size_t len) {
+ gcry_cipher_encrypt(cipher->key[0], out, len, in, len);
+ }
+
+ static void des3_decrypt(struct ssh_cipher_struct *cipher, void *in,
+- void *out, unsigned long len) {
++ void *out, size_t len) {
+ gcry_cipher_decrypt(cipher->key[0], out, len, in, len);
+ }
+
+--
+2.40.0
+
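Review bot: the embedded patch carries "Upstream-Status: Pending" with no link to an upstream submission; since the change only aligns the len parameter of des3_encrypt/des3_decrypt with the callback type quoted in the error (size_t rather than unsigned long), it should be sent to libssh and the status updated with the reference. The quoted compiler output comes from a target where size_t is unsigned int, and the description would be clearer if it said that this is where the mismatch shows up. The outer commit message has no body beyond the sign-offs and the Ref line; add a sentence describing the fix.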
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
index 801644d95..4b2ced5e5 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
@@ -8,6 +8,7 @@ DEPENDS = "zlib openssl"
SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10 \
file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
+ file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch \
file://run-ptest \
"
SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
--
2.25.1
* [meta-oe][kirkstone][PATCH v3 4/4] libssh: upgrade 0.10.4 -> 0.10.5
From: vanusuri @ 2023-12-20 8:54 UTC (permalink / raw)
To: openembedded-devel; +Cc: Vijay Anusuri, Yi Zhao
From: Vijay Anusuri <vanusuri@mvista.com>
Changelog:
https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.5
* Generate cases list dynamically in run-ptest.
* Install missing file to fix ptest failure.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Ref: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=b0833f1f3ec78f16a79d9ff66cdd19da93496018
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../recipes-support/libssh/libssh/run-ptest | 42 ++-----------------
.../{libssh_0.10.4.bb => libssh_0.10.5.bb} | 5 ++-
2 files changed, 7 insertions(+), 40 deletions(-)
rename meta-oe/recipes-support/libssh/{libssh_0.10.4.bb => libssh_0.10.5.bb} (85%)
diff --git a/meta-oe/recipes-support/libssh/libssh/run-ptest b/meta-oe/recipes-support/libssh/libssh/run-ptest
index 159994e9b..6346b72d5 100644
--- a/meta-oe/recipes-support/libssh/libssh/run-ptest
+++ b/meta-oe/recipes-support/libssh/libssh/run-ptest
@@ -1,53 +1,17 @@
#!/bin/sh
-# Valid tests to run
-tests="torture_bind_config \
- torture_buffer \
- torture_bytearray \
- torture_callbacks \
- torture_channel \
- torture_config \
- torture_crypto \
- torture_hashes \
- torture_init \
- torture_isipaddr \
- torture_keyfiles \
- torture_knownhosts_parsing \
- torture_list \
- torture_misc \
- torture_moduli \
- torture_options \
- torture_packet \
- torture_packet_filter \
- torture_pki \
- torture_pki_ecdsa \
- torture_pki_ed25519 \
- torture_pki_rsa \
- torture_push_pop_dir \
- torture_rand \
- torture_session_keys \
- torture_temp_dir \
- torture_temp_file \
- torture_threads_buffer \
- torture_threads_crypto \
- torture_threads_init \
- torture_threads_pki_rsa \
- torture_tokens \
- "
-
ptestdir=$(dirname "$(readlink -f "$0")")
cd "$ptestdir"/tests || exit
-# Run specified tests
+tests=$(find * -type f -name 'torture_*')
+
for f in $tests
do
- if test -e ./"$f"; then
+ if test -x ./"$f"; then
if ./"$f" > ./"$f".out 2> ./"$f".err; then
echo "PASS: $f"
else
echo "FAIL: $f"
fi
- else
- echo "SKIP: $f"
fi
done
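Review bot: with the explicit list and the SKIP branch removed, a torture_* binary that was not built or installed simply disappears from the results, and if find matches nothing the script prints no PASS or FAIL line at all. Count the tests that ran and report a failure when the count is zero. In tests=$(find * -type f -name 'torture_*') the shell expands * before find sees it and find then recurses into subdirectories; the .out and .err files written by an earlier run also match 'torture_*' and are kept out only by test -x. Restricting the search to the current directory and excluding *.out and *.err would be tighter.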
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb b/meta-oe/recipes-support/libssh/libssh_0.10.5.bb
similarity index 85%
rename from meta-oe/recipes-support/libssh/libssh_0.10.4.bb
rename to meta-oe/recipes-support/libssh/libssh_0.10.5.bb
index 4b2ced5e5..f33987acf 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.5.bb
@@ -11,7 +11,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch \
file://run-ptest \
"
-SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
+SRCREV = "479eca13aaaa46b43e68c52186e3783f06ae6f34"
S = "${WORKDIR}/git"
@@ -34,12 +34,15 @@ EXTRA_OECMAKE = " \
do_compile:prepend () {
if [ ${PTEST_ENABLED} = "1" ]; then
sed -i -e 's|${B}|${PTEST_PATH}|g' ${B}/config.h
+ sed -i -e 's|${S}|${PTEST_PATH}|g' ${B}/config.h
fi
}
do_install_ptest () {
install -d ${D}${PTEST_PATH}/tests
cp -f ${B}/tests/unittests/torture_* ${D}${PTEST_PATH}/tests/
+ install -d ${D}${PTEST_PATH}/tests/unittests
+ cp -f ${S}/tests/unittests/hello*.sh ${D}${PTEST_PATH}/tests/unittests/
}
BBCLASSEXTEND = "native nativesdk"
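Review bot: the commit message's "Install missing file to fix ptest failure" does not name the test that needs hello*.sh, nor why ${S} now has to be rewritten in ${B}/config.h alongside ${B}; add both so the next upgrade can tell whether these lines are still needed. The two sed calls on the same file can be one invocation with two -e expressions. Bundling the run-ptest rewrite and the install changes with the SRCREV bump also makes this harder to review than separate commits would be.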
--
2.25.1
* Re: [oe] [meta-oe][kirkstone][PATCH v3 4/4] libssh: upgrade 0.10.4 -> 0.10.5
From: Vijay Anusuri @ 2024-01-08 2:03 UTC (permalink / raw)
To: vanusuri, Armin Kuster; +Cc: openembedded-devel, Yi Zhao
Hi Armin,
Any update on this?
Thanks & Regards,
Vijay
On Wed, Dec 20, 2023 at 2:25 PM Vijay Anusuri via lists.openembedded.org
<vanusuri=mvista.com@lists.openembedded.org> wrote:
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Changelog:
> https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.5
>
> * Generate cases list dynamically in run-ptest.
> * Install missing file to fix ptest failure.
>
> Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
>
> Ref:
> https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=b0833f1f3ec78f16a79d9ff66cdd19da93496018
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
> .../recipes-support/libssh/libssh/run-ptest | 42 ++-----------------
> .../{libssh_0.10.4.bb => libssh_0.10.5.bb} | 5 ++-
> 2 files changed, 7 insertions(+), 40 deletions(-)
> rename meta-oe/recipes-support/libssh/{libssh_0.10.4.bb =>
> libssh_0.10.5.bb} (85%)
>
> diff --git a/meta-oe/recipes-support/libssh/libssh/run-ptest
> b/meta-oe/recipes-support/libssh/libssh/run-ptest
> index 159994e9b..6346b72d5 100644
> --- a/meta-oe/recipes-support/libssh/libssh/run-ptest
> +++ b/meta-oe/recipes-support/libssh/libssh/run-ptest
> @@ -1,53 +1,17 @@
> #!/bin/sh
>
> -# Valid tests to run
> -tests="torture_bind_config \
> - torture_buffer \
> - torture_bytearray \
> - torture_callbacks \
> - torture_channel \
> - torture_config \
> - torture_crypto \
> - torture_hashes \
> - torture_init \
> - torture_isipaddr \
> - torture_keyfiles \
> - torture_knownhosts_parsing \
> - torture_list \
> - torture_misc \
> - torture_moduli \
> - torture_options \
> - torture_packet \
> - torture_packet_filter \
> - torture_pki \
> - torture_pki_ecdsa \
> - torture_pki_ed25519 \
> - torture_pki_rsa \
> - torture_push_pop_dir \
> - torture_rand \
> - torture_session_keys \
> - torture_temp_dir \
> - torture_temp_file \
> - torture_threads_buffer \
> - torture_threads_crypto \
> - torture_threads_init \
> - torture_threads_pki_rsa \
> - torture_tokens \
> - "
> -
> ptestdir=$(dirname "$(readlink -f "$0")")
> cd "$ptestdir"/tests || exit
>
> -# Run specified tests
> +tests=$(find * -type f -name 'torture_*')
> +
> for f in $tests
> do
> - if test -e ./"$f"; then
> + if test -x ./"$f"; then
> if ./"$f" > ./"$f".out 2> ./"$f".err; then
> echo "PASS: $f"
> else
> echo "FAIL: $f"
> fi
> - else
> - echo "SKIP: $f"
> fi
> done
> diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> b/meta-oe/recipes-support/libssh/libssh_0.10.5.bb
> similarity index 85%
> rename from meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> rename to meta-oe/recipes-support/libssh/libssh_0.10.5.bb
> index 4b2ced5e5..f33987acf 100644
> --- a/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> +++ b/meta-oe/recipes-support/libssh/libssh_0.10.5.bb
> @@ -11,7 +11,7 @@ SRC_URI = "git://
> git.libssh.org/projects/libssh.git;protocol=https;branch=stable
>
> file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch \
> file://run-ptest \
> "
> -SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
> +SRCREV = "479eca13aaaa46b43e68c52186e3783f06ae6f34"
>
> S = "${WORKDIR}/git"
>
> @@ -34,12 +34,15 @@ EXTRA_OECMAKE = " \
> do_compile:prepend () {
> if [ ${PTEST_ENABLED} = "1" ]; then
> sed -i -e 's|${B}|${PTEST_PATH}|g' ${B}/config.h
> + sed -i -e 's|${S}|${PTEST_PATH}|g' ${B}/config.h
> fi
> }
>
> do_install_ptest () {
> install -d ${D}${PTEST_PATH}/tests
> cp -f ${B}/tests/unittests/torture_* ${D}${PTEST_PATH}/tests/
> + install -d ${D}${PTEST_PATH}/tests/unittests
> + cp -f ${S}/tests/unittests/hello*.sh
> ${D}${PTEST_PATH}/tests/unittests/
> }
>
> BBCLASSEXTEND = "native nativesdk"
> --
> 2.25.1
>
>
* Re: [oe] [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4
From: Mittal, Anuj @ 2024-01-08 2:14 UTC (permalink / raw)
To: vanusuri@mvista.com, openembedded-devel@lists.openembedded.org
On Wed, 2023-12-20 at 14:24 +0530, Vijay Anusuri via
lists.openembedded.org wrote:
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> ChangeLog:
> https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4
I don't think this is allowed as per stable branch policy unless this
is a bug fix only upgrade.
Thanks,
Anuj
>
> Drop CVE-2020-16135.patch
>
> Ref:
> https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=4b7e4341327e867208bfc3d8ba1954af66641e60
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
> .../libssh/libssh/CVE-2020-16135.patch | 44 -----------------
> --
> .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++-----
> 2 files changed, 3 insertions(+), 57 deletions(-)
> delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-
> 16135.patch
> rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb =>
> libssh_0.10.4.bb} (62%)
>
> diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> 16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> 16135.patch
> deleted file mode 100644
> index 63b78688d..000000000
> --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
> +++ /dev/null
> @@ -1,44 +0,0 @@
> -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00
> 2001
> -From: Andreas Schneider <asn@cryptomilk.org>
> -Date: Wed, 3 Jun 2020 10:04:09 +0200
> -Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
> -
> -Add a missing NULL check for the pointer returned by
> ssh_buffer_new() in
> -sftpserver.c.
> -
> -Thanks to Ramin Farajpour Cami for spotting this.
> -
> -Fixes T232
> -
> -Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
> -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
> -Reviewed-by: Jakub Jelen <jjelen@redhat.com>
> -(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
> -
> -Upstream-Status: Backport
> [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d374
> 8ca69bde5651f20e72761058c]
> -CVE: CVE-2020-16135
> -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> ----
> - src/sftpserver.c | 6 ++++++
> - 1 file changed, 6 insertions(+)
> -
> -diff --git a/src/sftpserver.c b/src/sftpserver.c
> -index 1717aa417..1af8a0e76 100644
> ---- a/src/sftpserver.c
> -+++ b/src/sftpserver.c
> -@@ -64,6 +64,12 @@ sftp_client_message
> sftp_get_client_message(sftp_session sftp) {
> -
> - /* take a copy of the whole packet */
> - msg->complete_message = ssh_buffer_new();
> -+ if (msg->complete_message == NULL) {
> -+ ssh_set_error_oom(session);
> -+ sftp_client_message_free(msg);
> -+ return NULL;
> -+ }
> -+
> - ssh_buffer_add_data(msg->complete_message,
> - ssh_buffer_get(payload),
> - ssh_buffer_get_len(payload));
> ---
> -2.25.1
> -
> diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-
> oe/recipes-support/libssh/libssh_0.10.4.bb
> similarity index 62%
> rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> index 061f13912..3a57a728a 100644
> --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM =
> "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
>
> DEPENDS = "zlib openssl"
>
> -SRC_URI =
> "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stabl
> e-0.8 \
> - file://CVE-2020-16135.patch \
> - "
> -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
> +SRC_URI =
> "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stabl
> e-0.10"
> +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
>
> S = "${WORKDIR}/git"
>
> @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \
> -DWITH_PCAP=1 \
> -DWITH_SFTP=1 \
> -DWITH_ZLIB=1 \
> - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \
> + -DWITH_EXAMPLES=0 \
> "
>
> -do_configure:prepend () {
> - # Disable building of examples
> - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/'
> ${S}/CMakeLists.txt \
> - || bbfatal "Failed to disable examples"
> -}
> -
> -TOOLCHAIN = "gcc"
> -
> BBCLASSEXTEND = "native nativesdk"
>
* Re: [oe] [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4
From: Vijay Anusuri @ 2024-01-08 2:40 UTC (permalink / raw)
To: Mittal, Anuj; +Cc: openembedded-devel@lists.openembedded.org
Hi Anuj,
I thought of updating libssh to 0.10.6 to fix the below security bugs:
* Fix CVE-2023-6004: Command injection using proxycommand
* Fix CVE-2023-48795: Potential downgrade attack using strict kex
* Fix CVE-2023-6918: Missing checks for return values of MD functions
Ref: https://lists.openembedded.org/g/openembedded-devel/message/107993
(libssh update to 0.10.6 for master branch)
Now I have to go with backporting the fixes instead of upgrading?
Thanks & Regards,
Vijay
On Mon, Jan 8, 2024 at 7:44 AM Mittal, Anuj <anuj.mittal@intel.com> wrote:
> On Wed, 2023-12-20 at 14:24 +0530, Vijay Anusuri via
> lists.openembedded.org wrote:
> > From: Vijay Anusuri <vanusuri@mvista.com>
> >
> > ChangeLog:
> >
> https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4
>
> I don't think this is allowed as per stable branch policy unless this
> is a bug fix only upgrade.
>
> Thanks,
>
> Anuj
>
> >
> > Drop CVE-2020-16135.patch
> >
> > Ref:
> >
> https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=4b7e4341327e867208bfc3d8ba1954af66641e60
> >
> > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> > ---
> > .../libssh/libssh/CVE-2020-16135.patch | 44 -----------------
> > --
> > .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++-----
> > 2 files changed, 3 insertions(+), 57 deletions(-)
> > delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > 16135.patch
> > rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb =>
> > libssh_0.10.4.bb} (62%)
> >
> > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > 16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > 16135.patch
> > deleted file mode 100644
> > index 63b78688d..000000000
> > --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
> > +++ /dev/null
> > @@ -1,44 +0,0 @@
> > -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00
> > 2001
> > -From: Andreas Schneider <asn@cryptomilk.org>
> > -Date: Wed, 3 Jun 2020 10:04:09 +0200
> > -Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
> > -
> > -Add a missing NULL check for the pointer returned by
> > ssh_buffer_new() in
> > -sftpserver.c.
> > -
> > -Thanks to Ramin Farajpour Cami for spotting this.
> > -
> > -Fixes T232
> > -
> > -Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
> > -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
> > -Reviewed-by: Jakub Jelen <jjelen@redhat.com>
> > -(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
> > -
> > -Upstream-Status: Backport
> > [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d374
> > 8ca69bde5651f20e72761058c]
> > -CVE: CVE-2020-16135
> > -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> > ----
> > - src/sftpserver.c | 6 ++++++
> > - 1 file changed, 6 insertions(+)
> > -
> > -diff --git a/src/sftpserver.c b/src/sftpserver.c
> > -index 1717aa417..1af8a0e76 100644
> > ---- a/src/sftpserver.c
> > -+++ b/src/sftpserver.c
> > -@@ -64,6 +64,12 @@ sftp_client_message
> > sftp_get_client_message(sftp_session sftp) {
> > -
> > - /* take a copy of the whole packet */
> > - msg->complete_message = ssh_buffer_new();
> > -+ if (msg->complete_message == NULL) {
> > -+ ssh_set_error_oom(session);
> > -+ sftp_client_message_free(msg);
> > -+ return NULL;
> > -+ }
> > -+
> > - ssh_buffer_add_data(msg->complete_message,
> > - ssh_buffer_get(payload),
> > - ssh_buffer_get_len(payload));
> > ---
> > -2.25.1
> > -
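Review bot: the commit message justifies deleting this file only with "Drop CVE-2020-16135.patch". It should state that the NULL check on msg->complete_message after ssh_buffer_new() in sftp_get_client_message() is already present in src/sftpserver.c at the new SRCREV. The deleted file's "CVE: CVE-2020-16135" header is removed with it, so once the patch is gone the recipe itself no longer records that this CVE is addressed.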
> > diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-
> > oe/recipes-support/libssh/libssh_0.10.4.bb
> > similarity index 62%
> > rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > index 061f13912..3a57a728a 100644
> > --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM =
> > "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
> >
> > DEPENDS = "zlib openssl"
> >
> > -SRC_URI =
> > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stabl
> > e-0.8 \
> > - file://CVE-2020-16135.patch \
> > - "
> > -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
> > +SRC_URI =
> > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stabl
> > e-0.10"
> > +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
> >
> > S = "${WORKDIR}/git"
> >
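Review bot: SRCREV is changed to e8322817a9e5aaef0698d779ddd467a209a85d85 on branch stable-0.10, but nothing in the commit message ties that hash to the libssh-0.10.4 tag named in the ChangeLog link. Name the tag the revision corresponds to so the pin can be verified. Because the branch moves from stable-0.8 to stable-0.10 on kirkstone, the message should also explain why this qualifies as a bug-fix-only change for a stable branch.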
> > @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \
> > -DWITH_PCAP=1 \
> > -DWITH_SFTP=1 \
> > -DWITH_ZLIB=1 \
> > - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \
> > + -DWITH_EXAMPLES=0 \
> > "
> >
> > -do_configure:prepend () {
> > - # Disable building of examples
> > - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/'
> > ${S}/CMakeLists.txt \
> > - || bbfatal "Failed to disable examples"
> > -}
> > -
> > -TOOLCHAIN = "gcc"
> > -
> > BBCLASSEXTEND = "native nativesdk"
> >
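Review bot: two removals in this hunk are unexplained: -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} and TOOLCHAIN = "gcc". The commit message should say how the library install directory is now selected when baselib is not plain "lib", and why forcing gcc is no longer needed. Patch 3/4 of this series is titled "libssh: Fix build with clang16", so dropping TOOLCHAIN = "gcc" here, before that fix, may leave clang builds broken at this commit. Replacing the sed edit of CMakeLists.txt with -DWITH_EXAMPLES=0 is cleaner, provided the option exists at the pinned revision.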
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#107650):
> > https://lists.openembedded.org/g/openembedded-devel/message/107650
> > Mute This Topic: https://lists.openembedded.org/mt/103278127/3616702
> > Group Owner: openembedded-devel+owner@lists.openembedded.org
> > Unsubscribe:
> > https://lists.openembedded.org/g/openembedded-devel/unsub [
> > anuj.mittal@intel.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [oe] [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4
2024-01-08 2:40 ` Vijay Anusuri
@ 2024-01-08 3:06 ` Mittal, Anuj
2024-01-08 3:10 ` Vijay Anusuri
0 siblings, 1 reply; 9+ messages in thread
From: Mittal, Anuj @ 2024-01-08 3:06 UTC (permalink / raw)
To: vanusuri@mvista.com; +Cc: openembedded-devel@lists.openembedded.org
On Mon, 2024-01-08 at 08:10 +0530, Vijay Anusuri via
lists.openembedded.org wrote:
> Hi Anuj,
>
> I thought of updating libssh to 0.10.6 to fix the below security bugs
>
> * Fix CVE-2023-6004: Command injection using proxycommand
> * Fix CVE-2023-48795: Potential downgrade attack using strict kex
> * Fix CVE-2023-6918: Missing checks for return values of MD functions
>
> Ref:
> https://lists.openembedded.org/g/openembedded-devel/message/107993
> (libssh update to 0.10.6 for master branch)
>
> Now I have to go with backporting the fixes instead of upgrading?
Yes, that is the policy.
https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#Stable/LTS_Patch_Acceptance_Policies
Thanks,
Anuj
>
> Thanks & Regards,
> Vijay
>
>
>
> On Mon, Jan 8, 2024 at 7:44 AM Mittal, Anuj <anuj.mittal@intel.com>
> wrote:
> > On Wed, 2023-12-20 at 14:24 +0530, Vijay Anusuri via
> > lists.openembedded.org wrote:
> > > From: Vijay Anusuri <vanusuri@mvista.com>
> > >
> > > ChangeLog:
> > > https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4
> >
> > I don't think this is allowed as per stable branch policy unless
> > this
> > is a bug fix only upgrade.
> >
> > Thanks,
> >
> > Anuj
> >
> > >
> > > Drop CVE-2020-16135.patch
> > >
> > > Ref:
> > > https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=4b7e4341327e867208bfc3d8ba1954af66641e60
> > >
> > > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> > > ---
> > > .../libssh/libssh/CVE-2020-16135.patch | 44 -------------
> > > ----
> > > --
> > > .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++-----
> > > 2 files changed, 3 insertions(+), 57 deletions(-)
> > > delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-
> > > 2020-
> > > 16135.patch
> > > rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb =>
> > > libssh_0.10.4.bb} (62%)
> > >
> > > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > > 16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > > 16135.patch
> > > deleted file mode 100644
> > > index 63b78688d..000000000
> > > --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
> > > +++ /dev/null
> > > @@ -1,44 +0,0 @@
> > > -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17
> > > 00:00:00
> > > 2001
> > > -From: Andreas Schneider <asn@cryptomilk.org>
> > > -Date: Wed, 3 Jun 2020 10:04:09 +0200
> > > -Subject: CVE-2020-16135: Add missing NULL check for
> > > ssh_buffer_new()
> > > -
> > > -Add a missing NULL check for the pointer returned by
> > > ssh_buffer_new() in
> > > -sftpserver.c.
> > > -
> > > -Thanks to Ramin Farajpour Cami for spotting this.
> > > -
> > > -Fixes T232
> > > -
> > > -Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
> > > -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
> > > -Reviewed-by: Jakub Jelen <jjelen@redhat.com>
> > > -(cherry picked from commit
> > > 533d881b0f4b24c72b35ecc97fa35d295d063e53)
> > > -
> > > -Upstream-Status: Backport
> > > [
> > > https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3
> > > 74
> > > 8ca69bde5651f20e72761058c]
> > > -CVE: CVE-2020-16135
> > > -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> > > ----
> > > - src/sftpserver.c | 6 ++++++
> > > - 1 file changed, 6 insertions(+)
> > > -
> > > -diff --git a/src/sftpserver.c b/src/sftpserver.c
> > > -index 1717aa417..1af8a0e76 100644
> > > ---- a/src/sftpserver.c
> > > -+++ b/src/sftpserver.c
> > > -@@ -64,6 +64,12 @@ sftp_client_message
> > > sftp_get_client_message(sftp_session sftp) {
> > > -
> > > - /* take a copy of the whole packet */
> > > - msg->complete_message = ssh_buffer_new();
> > > -+ if (msg->complete_message == NULL) {
> > > -+ ssh_set_error_oom(session);
> > > -+ sftp_client_message_free(msg);
> > > -+ return NULL;
> > > -+ }
> > > -+
> > > - ssh_buffer_add_data(msg->complete_message,
> > > - ssh_buffer_get(payload),
> > > - ssh_buffer_get_len(payload));
> > > ---
> > > -2.25.1
> > > -
> > > diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > b/meta-
> > > oe/recipes-support/libssh/libssh_0.10.4.bb
> > > similarity index 62%
> > > rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > > index 061f13912..3a57a728a 100644
> > > --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > > @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM =
> > > "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
> > >
> > > DEPENDS = "zlib openssl"
> > >
> > > -SRC_URI =
> > > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=s
> > > tabl
> > > e-0.8 \
> > > - file://CVE-2020-16135.patch \
> > > - "
> > > -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
> > > +SRC_URI =
> > > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=s
> > > tabl
> > > e-0.10"
> > > +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
> > >
> > > S = "${WORKDIR}/git"
> > >
> > > @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \
> > > -DWITH_PCAP=1 \
> > > -DWITH_SFTP=1 \
> > > -DWITH_ZLIB=1 \
> > > - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \
> > > + -DWITH_EXAMPLES=0 \
> > > "
> > >
> > > -do_configure:prepend () {
> > > - # Disable building of examples
> > > - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/'
> > > ${S}/CMakeLists.txt \
> > > - || bbfatal "Failed to disable examples"
> > > -}
> > > -
> > > -TOOLCHAIN = "gcc"
> > > -
> > > BBCLASSEXTEND = "native nativesdk"
> > >
> > >
> > >
> >
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#108083):
> https://lists.openembedded.org/g/openembedded-devel/message/108083
> Mute This Topic: https://lists.openembedded.org/mt/103278127/3616702
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe:
> https://lists.openembedded.org/g/openembedded-devel/unsub [
> anuj.mittal@intel.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [oe] [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4
2024-01-08 3:06 ` Mittal, Anuj
@ 2024-01-08 3:10 ` Vijay Anusuri
0 siblings, 0 replies; 9+ messages in thread
From: Vijay Anusuri @ 2024-01-08 3:10 UTC (permalink / raw)
To: Mittal, Anuj; +Cc: openembedded-devel@lists.openembedded.org
Thanks Anuj for the information provided
Thanks & Regards,
Vijay
On Mon, Jan 8, 2024 at 8:36 AM Mittal, Anuj <anuj.mittal@intel.com> wrote:
> On Mon, 2024-01-08 at 08:10 +0530, Vijay Anusuri via
> lists.openembedded.org wrote:
> > Hi Anuj,
> >
> > I thought of updating libssh to 0.10.6 to fix the below security bugs
> >
> > * Fix CVE-2023-6004: Command injection using proxycommand
> > * Fix CVE-2023-48795: Potential downgrade attack using strict kex
> > * Fix CVE-2023-6918: Missing checks for return values of MD functions
> >
> > Ref:
> > https://lists.openembedded.org/g/openembedded-devel/message/107993
> > (libssh update to 0.10.6 for master branch)
> >
> > Now I have to go with backporting the fixes instead of upgrading?
>
> Yes, that is the policy.
>
>
> https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#Stable/LTS_Patch_Acceptance_Policies
>
> Thanks,
>
> Anuj
>
> >
> > Thanks & Regards,
> > Vijay
> >
> >
> >
> > On Mon, Jan 8, 2024 at 7:44 AM Mittal, Anuj <anuj.mittal@intel.com>
> > wrote:
> > > On Wed, 2023-12-20 at 14:24 +0530, Vijay Anusuri via
> > > lists.openembedded.org wrote:
> > > > From: Vijay Anusuri <vanusuri@mvista.com>
> > > >
> > > > ChangeLog:
> > > >
> https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4
> > >
> > > I don't think this is allowed as per stable branch policy unless
> > > this
> > > is a bug fix only upgrade.
> > >
> > > Thanks,
> > >
> > > Anuj
> > >
> > > >
> > > > Drop CVE-2020-16135.patch
> > > >
> > > > Ref:
> > > >
> https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/nanbield-nut&id=4b7e4341327e867208bfc3d8ba1954af66641e60
> > > >
> > > > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> > > > ---
> > > > .../libssh/libssh/CVE-2020-16135.patch | 44 -------------
> > > > ----
> > > > --
> > > > .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++-----
> > > > 2 files changed, 3 insertions(+), 57 deletions(-)
> > > > delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-
> > > > 2020-
> > > > 16135.patch
> > > > rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb =>
> > > > libssh_0.10.4.bb} (62%)
> > > >
> > > > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > > > 16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-
> > > > 16135.patch
> > > > deleted file mode 100644
> > > > index 63b78688d..000000000
> > > > --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
> > > > +++ /dev/null
> > > > @@ -1,44 +0,0 @@
> > > > -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17
> > > > 00:00:00
> > > > 2001
> > > > -From: Andreas Schneider <asn@cryptomilk.org>
> > > > -Date: Wed, 3 Jun 2020 10:04:09 +0200
> > > > -Subject: CVE-2020-16135: Add missing NULL check for
> > > > ssh_buffer_new()
> > > > -
> > > > -Add a missing NULL check for the pointer returned by
> > > > ssh_buffer_new() in
> > > > -sftpserver.c.
> > > > -
> > > > -Thanks to Ramin Farajpour Cami for spotting this.
> > > > -
> > > > -Fixes T232
> > > > -
> > > > -Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
> > > > -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
> > > > -Reviewed-by: Jakub Jelen <jjelen@redhat.com>
> > > > -(cherry picked from commit
> > > > 533d881b0f4b24c72b35ecc97fa35d295d063e53)
> > > > -
> > > > -Upstream-Status: Backport
> > > > [
> > > > https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3
> > > > 74
> > > > 8ca69bde5651f20e72761058c]
> > > > -CVE: CVE-2020-16135
> > > > -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> > > > ----
> > > > - src/sftpserver.c | 6 ++++++
> > > > - 1 file changed, 6 insertions(+)
> > > > -
> > > > -diff --git a/src/sftpserver.c b/src/sftpserver.c
> > > > -index 1717aa417..1af8a0e76 100644
> > > > ---- a/src/sftpserver.c
> > > > -+++ b/src/sftpserver.c
> > > > -@@ -64,6 +64,12 @@ sftp_client_message
> > > > sftp_get_client_message(sftp_session sftp) {
> > > > -
> > > > - /* take a copy of the whole packet */
> > > > - msg->complete_message = ssh_buffer_new();
> > > > -+ if (msg->complete_message == NULL) {
> > > > -+ ssh_set_error_oom(session);
> > > > -+ sftp_client_message_free(msg);
> > > > -+ return NULL;
> > > > -+ }
> > > > -+
> > > > - ssh_buffer_add_data(msg->complete_message,
> > > > - ssh_buffer_get(payload),
> > > > - ssh_buffer_get_len(payload));
> > > > ---
> > > > -2.25.1
> > > > -
> > > > diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > > b/meta-
> > > > oe/recipes-support/libssh/libssh_0.10.4.bb
> > > > similarity index 62%
> > > > rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > > rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > > > index 061f13912..3a57a728a 100644
> > > > --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
> > > > +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb
> > > > @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM =
> > > > "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
> > > >
> > > > DEPENDS = "zlib openssl"
> > > >
> > > > -SRC_URI =
> > > > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=s
> > > > tabl
> > > > e-0.8 \
> > > > - file://CVE-2020-16135.patch \
> > > > - "
> > > > -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
> > > > +SRC_URI =
> > > > "git://git.libssh.org/projects/libssh.git;protocol=https;branch=s
> > > > tabl
> > > > e-0.10"
> > > > +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85"
> > > >
> > > > S = "${WORKDIR}/git"
> > > >
> > > > @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \
> > > > -DWITH_PCAP=1 \
> > > > -DWITH_SFTP=1 \
> > > > -DWITH_ZLIB=1 \
> > > > - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \
> > > > + -DWITH_EXAMPLES=0 \
> > > > "
> > > >
> > > > -do_configure:prepend () {
> > > > - # Disable building of examples
> > > > - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/'
> > > > ${S}/CMakeLists.txt \
> > > > - || bbfatal "Failed to disable examples"
> > > > -}
> > > > -
> > > > -TOOLCHAIN = "gcc"
> > > > -
> > > > BBCLASSEXTEND = "native nativesdk"
> > > >
> > > >
> > > >
> > >
> >
> >
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
Thread overview: 9+ messages
2023-12-20 8:54 [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4 vanusuri
2023-12-20 8:54 ` [meta-oe][kirkstone][PATCH v3 2/4] libssh: add ptest vanusuri
2023-12-20 8:54 ` [meta-oe][kirkstone][PATCH v3 3/4] libssh: Fix build with clang16 vanusuri
2023-12-20 8:54 ` [meta-oe][kirkstone][PATCH v3 4/4] libssh: upgrade 0.10.4 -> 0.10.5 vanusuri
[not found] ` <17A27E534D74AE07.24485@lists.openembedded.org>
2024-01-08 2:03 ` [oe] " Vijay Anusuri
2024-01-08 2:14 ` [oe] [meta-oe][kirkstone][PATCH v3 1/4] libssh: upgrade 0.8.9 -> 0.10.4 Mittal, Anuj
2024-01-08 2:40 ` Vijay Anusuri
2024-01-08 3:06 ` Mittal, Anuj
2024-01-08 3:10 ` Vijay Anusuri