summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch37
-rw-r--r--meta-oe/recipes-support/libssh/libssh_0.10.6.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch
new file mode 100644
index 0000000000..08395e0e7d
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch
@@ -0,0 +1,37 @@
1From 90b4845e0c98574bbf7bea9e97796695f064bf57 Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Tue, 6 May 2025 22:51:41 +0200
4Subject: [PATCH] CVE-2025-5987 libcrypto: Correctly detect failures of chacha
5 initialization
6
7Signed-off-by: Jakub Jelen <jjelen@redhat.com>
8Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
9
10CVE: CVE-2025-5987
11
12Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57]
13
14Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
15---
16 src/libcrypto.c | 4 ++--
17 1 file changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/src/libcrypto.c b/src/libcrypto.c
20index 76e067d3..69a850de 100644
21--- a/src/libcrypto.c
22+++ b/src/libcrypto.c
23@@ -771,9 +771,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
24 SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
25 goto out;
26 }
27- ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
28+ rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
29 u8key + CHACHA20_KEYLEN, NULL);
30- if (ret != 1) {
31+ if (rv != 1) {
32 SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
33 goto out;
34 }
35--
362.40.0
37
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
index 6932da5175..bf91e69bc8 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
16 file://CVE-2025-4877.patch \ 16 file://CVE-2025-4877.patch \
17 file://CVE-2025-4878-0001.patch \ 17 file://CVE-2025-4878-0001.patch \
18 file://CVE-2025-4878-0002.patch \ 18 file://CVE-2025-4878-0002.patch \
19 file://CVE-2025-5987.patch \
19 " 20 "
20SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" 21SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
21 22