[1/1] package/libssh2: update the patches to be applied with fuzz 0
diff mbox series

Message ID 20240703142308.2752594-1-dario.binacchi@amarulasolutions.com
State New
Headers show
Series
  • [1/1] package/libssh2: update the patches to be applied with fuzz 0
Related show

Commit Message

Dario Binacchi July 3, 2024, 2:23 p.m. UTC 
Commit 8f88a644ed7d6 ("support/scripts/apply-patches.sh: set the maximum
fuzz factor to 0") reduced the fuzz factor.

Due to this change, libssh2 fails to build with output:

    Applying 0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch using patch:
    patching file src/kex.c
    Hunk #1 succeeded at 3037 (offset 5 lines).
    Hunk #2 succeeded at 3062 (offset 5 lines).
    Hunk #3 succeeded at 3315 (offset 5 lines).
    Hunk #4 succeeded at 3406 (offset 5 lines).
    Hunk #5 succeeded at 3440 (offset 5 lines).
    Hunk #6 succeeded at 3476 (offset 5 lines).
    Hunk #7 succeeded at 3489 (offset 5 lines).
    Hunk #8 succeeded at 3523 (offset 5 lines).
    Hunk #9 succeeded at 3569 (offset 5 lines).
    Hunk #10 succeeded at 3591 (offset 5 lines).
    Hunk #11 succeeded at 3633 (offset 5 lines).
    Hunk #12 succeeded at 3654 (offset 5 lines).
    Hunk #13 succeeded at 3687 (offset 5 lines).
    Hunk #14 succeeded at 3709 (offset 5 lines).
    Hunk #15 succeeded at 3892 (offset 5 lines).
    Hunk #16 succeeded at 3918 (offset 5 lines).
    Hunk #17 succeeded at 3967 (offset 5 lines).
    patching file src/libssh2_priv.h
    Hunk #1 succeeded at 699 (offset -37 lines).
    Hunk #2 succeeded at 873 (offset -38 lines).
    Hunk #3 succeeded at 914 (offset -38 lines).
    Hunk #4 succeeded at 1149 (offset -38 lines).
    patching file src/packet.c
    Hunk #1 succeeded at 605 (offset -19 lines).
    Hunk #2 succeeded at 656 (offset -19 lines).
    Hunk #3 succeeded at 1404 (offset -23 lines).
    Hunk #4 succeeded at 1474 (offset -23 lines).
    patching file src/packet.h
    Hunk #1 FAILED at 72.
    1 out of 1 hunk FAILED -- saving rejects to file src/packet.h.rej

This commit refreshes the package patches on the current package version.

Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
---
 ...d-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

'Jan Kiszka' via Amarula Linux July 3, 2024, 3:07 p.m. UTC | #1 
Hello Dario,

Le 03/07/2024 à 16:23, Dario Binacchi a écrit :
> Commit 8f88a644ed7d6 ("support/scripts/apply-patches.sh: set the maximum
> fuzz factor to 0") reduced the fuzz factor.
> 
> Due to this change, libssh2 fails to build with output:
> 
>     Applying 0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch using patch:
>     patching file src/kex.c
>     Hunk #1 succeeded at 3037 (offset 5 lines).
>     Hunk #2 succeeded at 3062 (offset 5 lines).
>     Hunk #3 succeeded at 3315 (offset 5 lines).
>     Hunk #4 succeeded at 3406 (offset 5 lines).
>     Hunk #5 succeeded at 3440 (offset 5 lines).
>     Hunk #6 succeeded at 3476 (offset 5 lines).
>     Hunk #7 succeeded at 3489 (offset 5 lines).
>     Hunk #8 succeeded at 3523 (offset 5 lines).
>     Hunk #9 succeeded at 3569 (offset 5 lines).
>     Hunk #10 succeeded at 3591 (offset 5 lines).
>     Hunk #11 succeeded at 3633 (offset 5 lines).
>     Hunk #12 succeeded at 3654 (offset 5 lines).
>     Hunk #13 succeeded at 3687 (offset 5 lines).
>     Hunk #14 succeeded at 3709 (offset 5 lines).
>     Hunk #15 succeeded at 3892 (offset 5 lines).
>     Hunk #16 succeeded at 3918 (offset 5 lines).
>     Hunk #17 succeeded at 3967 (offset 5 lines).
>     patching file src/libssh2_priv.h
>     Hunk #1 succeeded at 699 (offset -37 lines).
>     Hunk #2 succeeded at 873 (offset -38 lines).
>     Hunk #3 succeeded at 914 (offset -38 lines).
>     Hunk #4 succeeded at 1149 (offset -38 lines).
>     patching file src/packet.c
>     Hunk #1 succeeded at 605 (offset -19 lines).
>     Hunk #2 succeeded at 656 (offset -19 lines).
>     Hunk #3 succeeded at 1404 (offset -23 lines).
>     Hunk #4 succeeded at 1474 (offset -23 lines).
>     patching file src/packet.h
>     Hunk #1 FAILED at 72.
>     1 out of 1 hunk FAILED -- saving rejects to file src/packet.h.rej
> 
> This commit refreshes the package patches on the current package version.

There are still some Hunk while applying this patch even if patch command
doesn't error out. While at it, you can complete the rework to remove them?

Best regards,
Romain


> 
> Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
> ---
>  ...d-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch b/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
> index 2ccedee19e93..2abed8432054 100644
> --- a/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
> +++ b/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
> @@ -15,6 +15,8 @@ Closes #1291
>  
>  Upstream: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
>  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +[Dario: make the patch to be applied with fuzz factor 0]
> +Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
>  ---
>   src/kex.c          | 63 +++++++++++++++++++++++------------
>   src/libssh2_priv.h | 18 +++++++---
> @@ -387,14 +389,14 @@ diff --git a/src/packet.h b/src/packet.h
>  index 1d90b8af12..955351e5f6 100644
>  --- a/src/packet.h
>  +++ b/src/packet.h
> -@@ -72,6 +72,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session,
> +@@ -71,6 +71,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session,
>   int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data,
>                             unsigned long data_len);
>   int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
>  -                        size_t datalen, int macstate);
>  +                        size_t datalen, int macstate, uint32_t seq);
>   
> - #endif /* LIBSSH2_PACKET_H */
> + #endif /* __LIBSSH2_PACKET_H */
>  diff --git a/src/session.c b/src/session.c
>  index 35e7929fe7..9d89ade8ec 100644
>  --- a/src/session.c

To unsubscribe from this group and stop receiving emails from it, send an email to linux-amarula+unsubscribe@amarulasolutions.com.

Patch
diff mbox series 

diff --git a/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch b/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
index 2ccedee19e93..2abed8432054 100644
--- a/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
+++ b/package/libssh2/0002-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-Attack.patch
@@ -15,6 +15,8 @@  Closes #1291
 
 Upstream: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Dario: make the patch to be applied with fuzz factor 0]
+Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
 ---
  src/kex.c          | 63 +++++++++++++++++++++++------------
  src/libssh2_priv.h | 18 +++++++---
@@ -387,14 +389,14 @@  diff --git a/src/packet.h b/src/packet.h
 index 1d90b8af12..955351e5f6 100644
 --- a/src/packet.h
 +++ b/src/packet.h
-@@ -72,6 +72,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session,
+@@ -71,6 +71,6 @@ int _libssh2_packet_burn(LIBSSH2_SESSION * session,
  int _libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data,
                            unsigned long data_len);
  int _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
 -                        size_t datalen, int macstate);
 +                        size_t datalen, int macstate, uint32_t seq);
  
- #endif /* LIBSSH2_PACKET_H */
+ #endif /* __LIBSSH2_PACKET_H */
 diff --git a/src/session.c b/src/session.c
 index 35e7929fe7..9d89ade8ec 100644
 --- a/src/session.c