From 3ce83d4ce240cb4ae2923a13f96a634bacd54821 Mon Sep 17 00:00:00 2001 From: WB02254423 Date: Tue, 15 Jul 2025 06:00:15 -0400 Subject: [PATCH] add patch to fix cve --- 0024-CVE-2025-5372.patch | 143 +++++++++++++++++++++++++++++++++++++++ libssh.spec | 8 ++- 2 files changed, 149 insertions(+), 2 deletions(-) create mode 100644 0024-CVE-2025-5372.patch diff --git a/0024-CVE-2025-5372.patch b/0024-CVE-2025-5372.patch new file mode 100644 index 0000000..eac6f12 --- /dev/null +++ b/0024-CVE-2025-5372.patch @@ -0,0 +1,143 @@ +From 3029442fa6ccc9bf09150077e38f471ffbdb4221 Mon Sep 17 00:00:00 2001 +From: sa-buc +Date: Wed, 14 May 2025 14:07:58 +0200 + +--- + src/libcrypto.c | 64 ++++++++++++++++++++++--------------------------- + 1 file changed, 29 insertions(+), 35 deletions(-) + +diff --git a/src/libcrypto.c b/src/libcrypto.c +index ebdca6e..e75dc56 100644 +--- a/src/libcrypto.c ++++ b/src/libcrypto.c +@@ -217,7 +217,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto, + uint8_t key_type, unsigned char *output, + size_t requested_len) + { +- int rc = -1; ++ int ret = SSH_ERROR, rv; + #if OPENSSL_VERSION_NUMBER < 0x30000000L + EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); + #else +@@ -239,81 +239,75 @@ int ssh_kdf(struct ssh_crypto_struct *crypto, + } + + #if OPENSSL_VERSION_NUMBER < 0x30000000L +- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, ++ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, + sshkdf_digest_to_md(crypto->digest_type)); +- if (rc != 1) { ++ if (rv != 1) { + goto out; + } +- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len); +- if (rc != 1) { ++ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len); ++ if (rv != 1) { + goto out; + } +- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, ++ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, + crypto->secret_hash, crypto->digest_len); +- if (rc != 1) { ++ if (rv != 1) { + goto out; + } +- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type); +- if (rc != 1) { ++ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type); ++ if (rv != 1) { + goto out; + } +- rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, ++ rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, + crypto->session_id, crypto->session_id_len); +- if (rc != 1) { ++ if (rv != 1) { + goto out; + } +- rc = EVP_KDF_derive(ctx, output, requested_len); +- if (rc != 1) { ++ rv = EVP_KDF_derive(ctx, output, requested_len); ++ if (rv != 1) { + goto out; + } + #else +- rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST, ++ rv = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST, + md, strlen(md)); +- if (rc != 1) { +- rc = -1; ++ if (rv != 1) { + goto out; + } +- rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY, ++ rv = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY, + key, key_len); +- if (rc != 1) { +- rc = -1; ++ if (rv != 1) { + goto out; + } +- rc = OSSL_PARAM_BLD_push_octet_string(param_bld, ++ rv = OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_KDF_PARAM_SSHKDF_XCGHASH, + crypto->secret_hash, + crypto->digest_len); +- if (rc != 1) { +- rc = -1; ++ if (rv != 1) { + goto out; + } +- rc = OSSL_PARAM_BLD_push_octet_string(param_bld, ++ rv = OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_KDF_PARAM_SSHKDF_SESSION_ID, + crypto->session_id, + crypto->session_id_len); +- if (rc != 1) { +- rc = -1; +- goto out; ++ if (rv != 1) { ++ goto out; + } +- rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE, ++ rv = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE, + (const char*)&key_type, 1); +- if (rc != 1) { +- rc = -1; ++ if (rv != 1) { + goto out; + } + + params = OSSL_PARAM_BLD_to_param(param_bld); + if (params == NULL) { +- rc = -1; + goto out; + } + +- rc = EVP_KDF_derive(ctx, output, requested_len, params); +- if (rc != 1) { +- rc = -1; ++ rv = EVP_KDF_derive(ctx, output, requested_len, params); ++ if (rv != 1) { + goto out; + } + #endif /* OPENSSL_VERSION_NUMBER */ ++ ret = SSH_OK; + + out: + #if OPENSSL_VERSION_NUMBER >= 0x30000000L +@@ -321,8 +315,8 @@ out: + OSSL_PARAM_free(params); + #endif + EVP_KDF_CTX_free(ctx); +- if (rc < 0) { +- return rc; ++ if (ret < 0) { ++ return ret; + } + return 0; + } +-- +2.43.5 + diff --git a/libssh.spec b/libssh.spec index ba77145..e44e950 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,4 +1,4 @@ -%define anolis_release 6 +%define anolis_release 7 %global _smp_build_ncpus 1 Name: libssh @@ -40,7 +40,8 @@ Patch0021: 0021-tests-Increase-test-coverage-for-IPv6-address-parsin.patch Patch0022: 0022-libssh-0.10.6-rekey-timeout.patch # https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 Patch0023: 0023-CVE-2025-5318.patch - +# https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972 +Patch0024: 0024-CVE-2025-5372.patch BuildRequires: cmake gcc-c++ BuildRequires: openssl-devel zlib-devel krb5-devel libcmocka-devel @@ -151,6 +152,9 @@ popd %doc AUTHORS CHANGELOG README %changelog +* Tue Jul 15 2025 zjl02254423 - 0.10.5-7 +- Fix CVE-2025-5372 + * Fri Jul 4 2025 wh02252983 - 0.10.5-6 - Fix CVE-2025-5318 -- Gitee