Update libssh2 patches (#50959)
We're now using libssh2 v1.11.0 which includes the two patches we were
carrying. The patches need to be dropped in order to build with
`USE_BINARYBUILDER=0`. (This was my bad, I should have made this change
as part of #50826, which updated libssh2 to v1.11.0.)

(cherry picked from commit 315ff53)
ararslan authored and IanButterworth committed Aug 19, 2023
1 parent cd69cc4 commit 1da3068
Showing 4 changed files with 109 additions and 68 deletions.
16 changes: 4 additions & 12 deletions deps/libssh2.mk
@@ -30,21 +30,13 @@ endif

LIBSSH2_SRC_PATH := $(SRCCACHE)/$(LIBSSH2_SRC_DIR)

# Apply patch to fix v1.10.0 CVE (https://github.com/libssh2/libssh2/issues/649), drop with v1.11
$(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted
$(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted
cd $(LIBSSH2_SRC_PATH) && \
patch -p1 -f < $(SRCDIR)/patches/libssh2-userauth-check.patch
echo 1 > $@

# issue: https://github.com/JuliaLang/julia/issues/45645#issuecomment-1153214379
# fix pr: https://github.com/libssh2/libssh2/pull/711
$(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied: $(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied
cd $(LIBSSH2_SRC_PATH) && \
patch -p1 -f < $(SRCDIR)/patches/libssh2-fix-import-lib-name.patch
patch -p1 -f < $(SRCDIR)/patches/libssh2-mbedtls-size_t.patch
echo 1 > $@

$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: \
$(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied
$(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied

$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extracted
mkdir -p $(dir $@)
@@ -53,7 +45,7 @@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extr
echo 1 > $@

$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured
$(MAKE) -C $(dir $<) libssh2
$(MAKE) -C $(dir $<)
echo 1 > $@

$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-checked: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled
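Review bot: The `libssh2-mbedtls-size_t.patch-applied` rule has no comment recording where the carried patch comes from or when it can be dropped, whereas the `libssh2-userauth-check` and `libssh2-fix-import-lib-name` rules shown beside it each cite their upstream issue or PR, and the first also states its drop condition. For a patch applied to an SSH library's crypto backend, that provenance is what lets a later version bump confirm the change is upstream before the patch is deleted. Going by the patch header added in this commit, a line such as `# Backport of upstream libssh2 commit 6cad964 (mbedtls: use more size_t), fixes upstream #1053; drop once the pinned release contains it` above the rule would do. The page no longer marks which lines of this section are added or removed, so this assumes the mbedtls rule is on the new side.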
26 changes: 0 additions & 26 deletions deps/patches/libssh2-fix-import-lib-name.patch

This file was deleted.

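--- a/deps/patches/libssh2-mbedtls-size_t.patch
+++ b/deps/patches/libssh2-mbedtls-size_t.patch
@@ -0,0 +1,105 @@
+From 6cad964056848d3d78ccc74600fbff6298baddcb Mon Sep 17 00:00:00 2001
+From: Viktor Szakats <commit@vsz.me>
+Date: Tue, 30 May 2023 17:28:03 +0000
+Subject: [PATCH 1/1] mbedtls: use more size_t to sync up with crypto.h
+
+Ref: 5a96f494ee0b00282afb2db2e091246fc5e1774a #846 #879
+
+Fixes #1053
+Closes #1054
+---
+src/mbedtls.c | 14 ++++++++------
+src/mbedtls.h | 13 ++++++-------
+2 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/mbedtls.c b/src/mbedtls.c
+index e387cdb..cd14a4b 100644
+--- a/src/mbedtls.c
++++ b/src/mbedtls.c
+@@ -186,7 +186,7 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx)
+int
+_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
+mbedtls_md_type_t mdtype,
+- const unsigned char *key, unsigned long keylen)
++ const unsigned char *key, size_t keylen)
+{
+const mbedtls_md_info_t *md_info;
+int ret, hmac;
+@@ -221,7 +221,7 @@ _libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash)
+}
+
+int
+-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
+mbedtls_md_type_t mdtype, unsigned char *hash)
+{
+const mbedtls_md_info_t *md_info;
+@@ -497,8 +497,9 @@ int
+_libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+size_t hash_len,
+const unsigned char *sig,
+- unsigned long sig_len,
+- const unsigned char *m, unsigned long m_len)
++ size_t sig_len,
++ const unsigned char *m,
++ size_t m_len)
+{
+int ret;
+int md_type;
+@@ -548,8 +549,9 @@ _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+int
+_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
+const unsigned char *sig,
+- unsigned long sig_len,
+- const unsigned char *m, unsigned long m_len)
++ size_t sig_len,
++ const unsigned char *m,
++ size_t m_len)
+{
+return _libssh2_mbedtls_rsa_sha2_verify(rsactx, SHA_DIGEST_LENGTH,
+sig, sig_len, m, m_len);
+diff --git a/src/mbedtls.h b/src/mbedtls.h
+index d9592f7..03484da 100644
+--- a/src/mbedtls.h
++++ b/src/mbedtls.h
+@@ -478,12 +478,12 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx);
+int
+_libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
+mbedtls_md_type_t mdtype,
+- const unsigned char *key, unsigned long keylen);
++ const unsigned char *key, size_t keylen);
+
+int
+_libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash);
+int
+-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
+mbedtls_md_type_t mdtype, unsigned char *hash);
+
+_libssh2_bn *
+@@ -526,9 +526,8 @@ _libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
+int
+_libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
+const unsigned char *sig,
+- unsigned long sig_len,
+- const unsigned char *m,
+- unsigned long m_len);
++ size_t sig_len,
++ const unsigned char *m, size_t m_len);
+int
+_libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION *session,
+libssh2_rsa_ctx *rsa,
+@@ -540,8 +539,8 @@ int
+_libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+size_t hash_len,
+const unsigned char *sig,
+- unsigned long sig_len,
+- const unsigned char *m, unsigned long m_len);
++ size_t sig_len,
++ const unsigned char *m, size_t m_len);
+int
+_libssh2_mbedtls_rsa_sha2_sign(LIBSSH2_SESSION *session,
+libssh2_rsa_ctx *rsa,
+--
+2.31.0
+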
30 changes: 0 additions & 30 deletions deps/patches/libssh2-userauth-check.patch

This file was deleted.
