Add a security patch to libssh2 to guard it against the Terrapin attack.

2025-01-24 06:52:14 +08:00 · 2023-12-26 22:06:42 -06:00 · 2023-12-26 22:06:42 -06:00 · bc35d575e4
commit bc35d575e4
parent 41557a5e32
2 changed files with 14 additions and 3 deletions
--- a/general/genlib/libssh2.xml
+++ b/general/genlib/libssh2.xml
@ -66,17 +66,16 @@
      </listitem>
    </itemizedlist>

-<!--
+
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
-          <ulink url="&patch-root;/libssh2-&libssh2-version;-upstream_fix-1.patch"/>
+          <ulink url="&patch-root;/libssh2-&libssh2-version;-security_fixes-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->

    <bridgehead renderas="sect3">libssh2 Dependencies</bridgehead>

@ -94,6 +93,13 @@
  <sect2 role="installation">
    <title>Installation of libssh2</title>

+    <para>
+      <!-- the Terrapin attack -->
+      First, fix a critical security vulnerability in libssh2:
+    </para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../libssh2-&libssh2-version;-security_fixes-1.patch</userinput></screen>
+
    <para>
      If you want to test the package, exclude the tests requiring a static
      library:
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -41,6 +41,11 @@
    <listitem>
      <para>December 26th, 2023</para>
      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Add a security patch to libssh2 to guard it against
+          the Terrapin attack. Fixes
+          <ulink url="&blfs-ticket-root;19023">#19023</ulink>.</para>
+        </listitem>
        <listitem>
          <para>[renodr] - Update to openssh-9.6p1 (Security Update). Fixes
          <ulink url="&blfs-ticket-root;19023">#19023</ulink>.</para>