Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)

Have libssh-devel require cmake-filesystem
This commit is contained in:
Orion Poplawski 2023-05-05 09:51:28 -06:00
parent 26da1b5f58
commit 471d720f0c
4 changed files with 11 additions and 106 deletions

2
.gitignore vendored
View File

@ -66,3 +66,5 @@ libssh-0.4.4.tar.gz.asc
/libssh-0.10.3.tar.xz.asc /libssh-0.10.3.tar.xz.asc
/libssh-0.10.4.tar.xz /libssh-0.10.4.tar.xz
/libssh-0.10.4.tar.xz.asc /libssh-0.10.4.tar.xz.asc
/libssh-0.10.5.tar.xz
/libssh-0.10.5.tar.xz.asc

View File

@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.10.4 Version: 0.10.5
Release: 4%{?dist} Release: 1%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
URL: http://www.libssh.org URL: http://www.libssh.org
@ -40,8 +40,6 @@ Provides: libssh_threads.so.4()(64bit)
Provides: libssh_threads.so.4 Provides: libssh_threads.so.4
%endif %endif
Patch1: pkcs11_test_fix.patch
%description %description
The ssh library was designed to be used by programmers needing a working SSH The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is implementation by the mean of a library. The complete control of the client is
@ -53,6 +51,7 @@ third-party programs others than libcrypto (from openssl).
%package devel %package devel
Summary: Development files for %{name} Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: cmake-filesystem
%description devel %description devel
The %{name}-devel package contains libraries and header files for developing The %{name}-devel package contains libraries and header files for developing
@ -120,8 +119,6 @@ popd
%files devel %files devel
%{_includedir}/libssh/ %{_includedir}/libssh/
# own this to avoid dep on cmake -- rex
%dir %{_libdir}/cmake/
%{_libdir}/cmake/libssh/ %{_libdir}/cmake/libssh/
%{_libdir}/pkgconfig/libssh.pc %{_libdir}/pkgconfig/libssh.pc
%{_libdir}/libssh.so %{_libdir}/libssh.so
@ -133,6 +130,10 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Fri May 05 2023 Orion Poplawski <orion@nwra.com> - 0.10.5-1
- Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)
- Have libssh-devel require cmake-filesystem
* Sun Mar 05 2023 Andreas Schneider <asn@redhat.com> - 0.10.4-4 * Sun Mar 05 2023 Andreas Schneider <asn@redhat.com> - 0.10.4-4
- Update License to SPDX expression - Update License to SPDX expression

View File

@ -1,98 +0,0 @@
diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
index 532c86a7..9050cea6 100755
--- a/tests/pkcs11/setup-softhsm-tokens.sh
+++ b/tests/pkcs11/setup-softhsm-tokens.sh
@@ -17,10 +17,10 @@ echo "OBJNAME: $OBJNAME"
echo "LOADPUBLIC: $LOADPUBLIC"
# Create temporary directory for tokens
-install -d -m 0755 $TESTDIR/db
+install -d -m 0755 "$TESTDIR/db"
# Create SoftHSM configuration file
-cat >$TESTDIR/softhsm.conf <<EOF
+cat >"$TESTDIR/softhsm.conf" <<EOF
directories.tokendir = $TESTDIR/db
objectstore.backend = file
log.level = DEBUG
@@ -28,12 +28,12 @@ EOF
export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
-cat $TESTDIR/softhsm.conf
+cat "$TESTDIR/softhsm.conf"
#init
-cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
+cmd="softhsm2-util --init-token --label $OBJNAME --free --pin 1234 --so-pin 1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Init token failed"
@@ -41,10 +41,29 @@ if [ $ret -ne 0 ]; then
exit 1
fi
+find_library_path() {
+ echo "$@"
+ for _lib in "$@" ; do
+ if test -f "$_lib" ; then
+ LIBSOFTHSM_PATH="$_lib"
+ echo "Using libsofthsm path: $LIBSOFTHSM_PATH"
+ return
+ fi
+ done
+ echo "libsofthsm2.so not found"
+ exit 1
+}
+
+find_library_path \
+ /usr/lib64/libsofthsm2.so \
+ /usr/lib/libsofthsm2.so \
+ /usr/local/lib/softhsm/libsofthsm2.so \
+ /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
#load private key
-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading privkey failed"
@@ -52,15 +71,15 @@ if [ $ret -ne 0 ]; then
exit 1
fi
-cat $PUBKEY
+cat "$PUBKEY"
-ls -l $TESTDIR
+ls -l "$TESTDIR"
-if [ $LOADPUBLIC -ne 0 ]; then
+if [ "$LOADPUBLIC" -ne 0 ]; then
#load public key
- cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+ cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
- out=$(eval $cmd)
+ out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading pubkey failed"
@@ -69,9 +88,9 @@ if [ $LOADPUBLIC -ne 0 ]; then
fi
fi
-cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
+cmd="p11tool --list-all --login \"pkcs11:token=$OBJNAME\" --set-pin=1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loging failed"

View File

@ -1,2 +1,2 @@
SHA512 (libssh-0.10.4.tar.xz) = 01ee52d480201d9886c15e81137c185334b404d1c8e8b743ddf58e95fe8619c8c013616a49807bd1111fde72fa177cd35f3c22b66cbf5d720b5abfacdf7601ed SHA512 (libssh-0.10.5.tar.xz) = 2b758f9df2b5937865d4aee775ffeafafe3ae6739a89dfc470e38c7394e3c3cb5fcf8f842fdae04929890ee7e47bf8f50e3a38e82dfd26a009f3aae009d589e0
SHA512 (libssh-0.10.4.tar.xz.asc) = 8200215d6471851dac8cd8efd07400b9bc4403cf5406a9fdb28a68ef8fe85c227f92a26071fb32d9396b91661568333b5ceb9b23665d22e761b981dd880bbbc8 SHA512 (libssh-0.10.5.tar.xz.asc) = aad5e75d0a5b2e93c6de08f2b6953f05dbef47e14a08eb75c57d3f519a8323064454ba5fbc86b3538489f571a5e446ed942f2b1cea2063c8645ef36815dd2511