diff options
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch | 37 | ||||
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh_0.10.6.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch new file mode 100644 index 0000000000..08395e0e7d --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | From 90b4845e0c98574bbf7bea9e97796695f064bf57 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Jelen <jjelen@redhat.com> | ||
| 3 | Date: Tue, 6 May 2025 22:51:41 +0200 | ||
| 4 | Subject: [PATCH] CVE-2025-5987 libcrypto: Correctly detect failures of chacha | ||
| 5 | initialization | ||
| 6 | |||
| 7 | Signed-off-by: Jakub Jelen <jjelen@redhat.com> | ||
| 8 | Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | ||
| 9 | |||
| 10 | CVE: CVE-2025-5987 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57] | ||
| 13 | |||
| 14 | Signed-off-by: Divya Chellam <divya.chellam@windriver.com> | ||
| 15 | --- | ||
| 16 | src/libcrypto.c | 4 ++-- | ||
| 17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/src/libcrypto.c b/src/libcrypto.c | ||
| 20 | index 76e067d3..69a850de 100644 | ||
| 21 | --- a/src/libcrypto.c | ||
| 22 | +++ b/src/libcrypto.c | ||
| 23 | @@ -771,9 +771,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher, | ||
| 24 | SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed"); | ||
| 25 | goto out; | ||
| 26 | } | ||
| 27 | - ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL, | ||
| 28 | + rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL, | ||
| 29 | u8key + CHACHA20_KEYLEN, NULL); | ||
| 30 | - if (ret != 1) { | ||
| 31 | + if (rv != 1) { | ||
| 32 | SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed"); | ||
| 33 | goto out; | ||
| 34 | } | ||
| 35 | -- | ||
| 36 | 2.40.0 | ||
| 37 | |||
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb index 6932da5175..bf91e69bc8 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb | |||
| @@ -16,6 +16,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable | |||
| 16 | file://CVE-2025-4877.patch \ | 16 | file://CVE-2025-4877.patch \ |
| 17 | file://CVE-2025-4878-0001.patch \ | 17 | file://CVE-2025-4878-0001.patch \ |
| 18 | file://CVE-2025-4878-0002.patch \ | 18 | file://CVE-2025-4878-0002.patch \ |
| 19 | file://CVE-2025-5987.patch \ | ||
| 19 | " | 20 | " |
| 20 | SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" | 21 | SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" |
| 21 | 22 | ||
