From ad8996586e9187943432861488872fa9e84bcf2c Mon Sep 17 00:00:00 2001 From: Alex Arslan Date: Fri, 18 Aug 2023 09:06:44 -0700 Subject: [PATCH] Update libssh2 patches (#50959) We're now using libssh2 v1.11.0 which includes the two patches we were carrying. The patches need to be dropped in order to build with `USE_BINARYBUILDER=0`. (This was my bad, I should have made this change as part of #50826, which updated libssh2 to v1.11.0.) (cherry picked from commit 315ff53a37556ae0d26188d73f97325be44c26de) --- deps/libssh2.mk | 16 +-- .../patches/libssh2-fix-import-lib-name.patch | 26 ----- deps/patches/libssh2-mbedtls-size_t.patch | 105 ++++++++++++++++++ deps/patches/libssh2-userauth-check.patch | 30 ----- 4 files changed, 109 insertions(+), 68 deletions(-) delete mode 100644 deps/patches/libssh2-fix-import-lib-name.patch create mode 100644 deps/patches/libssh2-mbedtls-size_t.patch delete mode 100644 deps/patches/libssh2-userauth-check.patch diff --git a/deps/libssh2.mk b/deps/libssh2.mk index d0174c0c090e22..3f9738515e4a12 100644 --- a/deps/libssh2.mk +++ b/deps/libssh2.mk @@ -30,21 +30,13 @@ endif LIBSSH2_SRC_PATH := $(SRCCACHE)/$(LIBSSH2_SRC_DIR) - # Apply patch to fix v1.10.0 CVE (https://github.com/libssh2/libssh2/issues/649), drop with v1.11 -$(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted +$(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted cd $(LIBSSH2_SRC_PATH) && \ - patch -p1 -f < $(SRCDIR)/patches/libssh2-userauth-check.patch - echo 1 > $@ - -# issue: https://github.com/JuliaLang/julia/issues/45645#issuecomment-1153214379 -# fix pr: https://github.com/libssh2/libssh2/pull/711 -$(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied: $(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied - cd $(LIBSSH2_SRC_PATH) && \ - patch -p1 -f < $(SRCDIR)/patches/libssh2-fix-import-lib-name.patch + patch -p1 -f < $(SRCDIR)/patches/libssh2-mbedtls-size_t.patch echo 1 > $@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: \ - $(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied + $(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extracted mkdir -p $(dir $@) @@ -53,7 +45,7 @@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extr echo 1 > $@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured - $(MAKE) -C $(dir $<) libssh2 + $(MAKE) -C $(dir $<) echo 1 > $@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-checked: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled diff --git a/deps/patches/libssh2-fix-import-lib-name.patch b/deps/patches/libssh2-fix-import-lib-name.patch deleted file mode 100644 index 15aafb58d2736c..00000000000000 --- a/deps/patches/libssh2-fix-import-lib-name.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 3732420725efbf410df5863b91a09ca214ee18ba Mon Sep 17 00:00:00 2001 -From: "Y. Yang" -Date: Thu, 16 Jun 2022 19:16:37 +0800 -Subject: [PATCH] Fix DLL import library name - -https://aur.archlinux.org/packages/mingw-w64-libssh2 -https://cmake.org/cmake/help/latest/prop_tgt/IMPORT_PREFIX.html ---- - src/CMakeLists.txt | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index cb8fee1..17ecefd 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -220,6 +220,7 @@ endif() - add_library(libssh2 ${SOURCES}) - # we want it to be called libssh2 on all platforms - set_target_properties(libssh2 PROPERTIES PREFIX "") -+set_target_properties(libssh2 PROPERTIES IMPORT_PREFIX "") - - target_compile_definitions(libssh2 PRIVATE ${PRIVATE_COMPILE_DEFINITIONS}) - target_include_directories(libssh2 --- -2.36.1 - diff --git a/deps/patches/libssh2-mbedtls-size_t.patch b/deps/patches/libssh2-mbedtls-size_t.patch new file mode 100644 index 00000000000000..502adf6bdf4399 --- /dev/null +++ b/deps/patches/libssh2-mbedtls-size_t.patch @@ -0,0 +1,105 @@ +From 6cad964056848d3d78ccc74600fbff6298baddcb Mon Sep 17 00:00:00 2001 +From: Viktor Szakats +Date: Tue, 30 May 2023 17:28:03 +0000 +Subject: [PATCH 1/1] mbedtls: use more size_t to sync up with crypto.h + +Ref: 5a96f494ee0b00282afb2db2e091246fc5e1774a #846 #879 + +Fixes #1053 +Closes #1054 +--- + src/mbedtls.c | 14 ++++++++------ + src/mbedtls.h | 13 ++++++------- + 2 files changed, 14 insertions(+), 13 deletions(-) + +diff --git a/src/mbedtls.c b/src/mbedtls.c +index e387cdb..cd14a4b 100644 +--- a/src/mbedtls.c ++++ b/src/mbedtls.c +@@ -186,7 +186,7 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx) + int + _libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx, + mbedtls_md_type_t mdtype, +- const unsigned char *key, unsigned long keylen) ++ const unsigned char *key, size_t keylen) + { + const mbedtls_md_info_t *md_info; + int ret, hmac; +@@ -221,7 +221,7 @@ _libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash) + } + + int +-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen, ++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen, + mbedtls_md_type_t mdtype, unsigned char *hash) + { + const mbedtls_md_info_t *md_info; +@@ -497,8 +497,9 @@ int + _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx, + size_t hash_len, + const unsigned char *sig, +- unsigned long sig_len, +- const unsigned char *m, unsigned long m_len) ++ size_t sig_len, ++ const unsigned char *m, ++ size_t m_len) + { + int ret; + int md_type; +@@ -548,8 +549,9 @@ _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx, + int + _libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx * rsactx, + const unsigned char *sig, +- unsigned long sig_len, +- const unsigned char *m, unsigned long m_len) ++ size_t sig_len, ++ const unsigned char *m, ++ size_t m_len) + { + return _libssh2_mbedtls_rsa_sha2_verify(rsactx, SHA_DIGEST_LENGTH, + sig, sig_len, m, m_len); +diff --git a/src/mbedtls.h b/src/mbedtls.h +index d9592f7..03484da 100644 +--- a/src/mbedtls.h ++++ b/src/mbedtls.h +@@ -478,12 +478,12 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx); + int + _libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx, + mbedtls_md_type_t mdtype, +- const unsigned char *key, unsigned long keylen); ++ const unsigned char *key, size_t keylen); + + int + _libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash); + int +-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen, ++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen, + mbedtls_md_type_t mdtype, unsigned char *hash); + + _libssh2_bn * +@@ -526,9 +526,8 @@ _libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa, + int + _libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa, + const unsigned char *sig, +- unsigned long sig_len, +- const unsigned char *m, +- unsigned long m_len); ++ size_t sig_len, ++ const unsigned char *m, size_t m_len); + int + _libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION *session, + libssh2_rsa_ctx *rsa, +@@ -540,8 +539,8 @@ int + _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx, + size_t hash_len, + const unsigned char *sig, +- unsigned long sig_len, +- const unsigned char *m, unsigned long m_len); ++ size_t sig_len, ++ const unsigned char *m, size_t m_len); + int + _libssh2_mbedtls_rsa_sha2_sign(LIBSSH2_SESSION *session, + libssh2_rsa_ctx *rsa, +-- +2.31.0 + diff --git a/deps/patches/libssh2-userauth-check.patch b/deps/patches/libssh2-userauth-check.patch deleted file mode 100644 index 1dc6108ebece79..00000000000000 --- a/deps/patches/libssh2-userauth-check.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 37ee0aa214655b63e7869d1d74ff1ec9f9818a5e Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Fri, 17 Dec 2021 17:46:29 +0100 -Subject: [PATCH] userauth: check for too large userauth_kybd_auth_name_len - (#650) - -... before using it. - -Reported-by: MarcoPoloPie -Fixes #649 ---- - src/userauth.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/userauth.c b/src/userauth.c -index 40ef915..caa5635 100644 ---- a/src/userauth.c -+++ b/src/userauth.c -@@ -1769,6 +1769,11 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, - if(session->userauth_kybd_data_len >= 5) { - /* string name (ISO-10646 UTF-8) */ - session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s); -+ if(session->userauth_kybd_auth_name_len > -+ session->userauth_kybd_data_len - 5) -+ return _libssh2_error(session, -+ LIBSSH2_ERROR_OUT_OF_BOUNDARY, -+ "Bad keyboard auth name"); - s += 4; - } - else {