import libssh-0.9.6-3.el8

This commit is contained in:
CentOS Sources 2021-11-11 08:20:58 +00:00 committed by Stepan Oksanichenko
parent 49720ca34c
commit 5e6e01cb81
11 changed files with 47 additions and 322 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libssh-0.9.4.tar.xz
SOURCES/libssh-0.9.6.tar.xz
SOURCES/libssh.keyring

View File

@ -1,2 +1,2 @@
93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz
1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring

View File

@ -1,125 +0,0 @@
From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Fri, 19 Jun 2020 11:59:33 +0200
Subject: [PATCH] tests: Add test for CVE-2019-14889
The test checks if a command appended to the file path is not executed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c
index 8f080af3..59a00bae 100644
--- a/tests/client/torture_scp.c
+++ b/tests/client/torture_scp.c
@@ -37,6 +37,7 @@
#define BUF_SIZE 1024
#define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
+#define ALICE_HOME BINARYDIR "/tests/home/alice"
struct scp_st {
struct torture_state *s;
@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state)
fclose(file);
}
+static void torture_scp_upload_appended_command(void **state)
+{
+ struct scp_st *ts = NULL;
+ struct torture_state *s = NULL;
+
+ ssh_session session = NULL;
+ ssh_scp scp = NULL;
+
+ FILE *file = NULL;
+
+ char buf[1024];
+ char *rs = NULL;
+ int rc;
+
+ assert_non_null(state);
+ ts = *state;
+
+ assert_non_null(ts->s);
+ s = ts->s;
+
+ session = s->ssh.session;
+ assert_non_null(session);
+
+ assert_non_null(ts->tmp_dir_basename);
+ assert_non_null(ts->tmp_dir);
+
+ /* Upload a file path with a command appended */
+
+ /* Append a command to the file path */
+ snprintf(buf, BUF_SIZE, "%s"
+ "/;touch hack",
+ ts->tmp_dir);
+
+ /* When writing the file_name must be the directory name */
+ scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE,
+ buf);
+ assert_non_null(scp);
+
+ rc = ssh_scp_init(scp);
+ assert_ssh_return_code(session, rc);
+
+ /* Push directory where the new file will be copied */
+ rc = ssh_scp_push_directory(scp, ";touch hack", 0755);
+ assert_ssh_return_code(session, rc);
+
+ /* Try to push file */
+ rc = ssh_scp_push_file(scp, "original", 8, 0644);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_scp_write(scp, "original", 8);
+ assert_ssh_return_code(session, rc);
+
+ /* Leave the directory */
+ rc = ssh_scp_leave_directory(scp);
+ assert_ssh_return_code(session, rc);
+
+ /* Cleanup */
+ ssh_scp_close(scp);
+ ssh_scp_free(scp);
+
+ /* Make sure the command was not executed */
+ snprintf(buf, BUF_SIZE, ALICE_HOME "/hack");
+ file = fopen(buf, "r");
+ assert_null(file);
+
+ /* Open the file and check content */
+ snprintf(buf, BUF_SIZE, "%s"
+ "/;touch hack/original",
+ ts->tmp_dir);
+
+ file = fopen(buf, "r");
+ assert_non_null(file);
+
+ rs = fgets(buf, 1024, file);
+ assert_non_null(rs);
+ assert_string_equal(buf, "original");
+
+ fclose(file);
+}
+
int torture_run_tests(void)
{
int rc;
@@ -559,6 +640,9 @@ int torture_run_tests(void)
cmocka_unit_test_setup_teardown(torture_scp_upload_newline,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command,
+ session_setup,
+ session_teardown),
};
ssh_init();
--
2.26.2

View File

@ -1,58 +0,0 @@
From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 23 Jun 2020 18:31:47 +0200
Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts
The test might fail if there is a local configuration file that changes
the location of the known_hosts file. The test should not be affected
by configuration files present in the testing environment.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/client/torture_knownhosts.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c
index fcc54846..55aee217 100644
--- a/tests/client/torture_knownhosts.c
+++ b/tests/client/torture_knownhosts.c
@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) {
char tmp_file[1024] = {0};
char *known_hosts_file = NULL;
int rc;
+ bool process_config = false;
snprintf(tmp_file,
sizeof(tmp_file),
@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) {
s->ssh.session = session;
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
+ assert_ssh_return_code(session, rc);
+
rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(session, rc);
@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) {
char *known_hosts_file = NULL;
FILE *file;
int rc;
+ bool process_config = false;
snprintf(tmp_file,
sizeof(tmp_file),
@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) {
s->ssh.session = session;
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
+ assert_ssh_return_code(session, rc);
+
ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256");
--
2.26.2

View File

@ -1,43 +0,0 @@
From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 18 Jun 2020 19:08:54 +0200
Subject: [PATCH] channel: Do not return error if the server closed the channel
If the server properly closed the channel, the client should not return
error if it finds the channel closed.
Fixes T231
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/channels.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/channels.c b/src/channels.c
index 9fe309d0..607bd568 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel,
if (session->session_state == SSH_SESSION_STATE_ERROR) {
return SSH_ERROR;
}
+ /* If the server closed the channel properly, there is nothing to do */
+ if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
+ return 0;
+ }
if (channel->state == SSH_CHANNEL_STATE_CLOSED) {
ssh_set_error(session,
SSH_FATAL,
"Remote channel is closed.");
return SSH_ERROR;
}
- if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
- return 0;
- }
len = ssh_buffer_get_len(stdbuf);
/* Read count bytes if len is greater, everything otherwise */
len = (len > count ? count : len);
--
2.26.2

View File

@ -1,18 +0,0 @@
--- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200
+++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200
@@ -636,6 +636,15 @@
# else /* HAVE_DSA */
"HostKeyAlgorithms +ssh-rsa\n"
# endif /* HAVE_DSA */
+/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1
+ * deprecation*/
+# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)
+ "KexAlgorithms +diffie-hellman-group14-sha1,"
+ "diffie-hellman-group-exchange-sha1,"
+ "diffie-hellman-group1-sha1\n"
+ "HostKeyAlgorithms +ssh-rsa\n"
+ "CASignatureAlgorithms +ssh-rsa\n"
+#endif
# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6)
"Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
# else /* OPENSSH_VERSION 7.0 - 7.5 */

View File

@ -1,41 +0,0 @@
diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200
+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
*/
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
{
+ if (buffer == NULL) {
+ return -1;
+ }
+
buffer_verify(buffer);
if (data == NULL) {
diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200
+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
/* take a copy of the whole packet */
msg->complete_message = ssh_buffer_new();
- ssh_buffer_add_data(msg->complete_message,
- ssh_buffer_get(payload),
- ssh_buffer_get_len(payload));
+ if (msg->complete_message == NULL) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
+
+ rc = ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+ if (rc < 0) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
ssh_buffer_get_u32(payload, &msg->id);

View File

@ -1,11 +0,0 @@
--- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200
+++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200
@@ -79,7 +79,7 @@
/* libssh version */
#define LIBSSH_VERSION_MAJOR 0
#define LIBSSH_VERSION_MINOR 9
-#define LIBSSH_VERSION_MICRO 3
+#define LIBSSH_VERSION_MICRO 4
#define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
LIBSSH_VERSION_MINOR, \

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB
Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U
iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi
tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X
fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU
XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5
nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr
jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W
EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy
w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz
emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0
lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0=
=xSu8
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB
Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd
3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3
bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck
ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL
KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa
VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+
+W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG
zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq
1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN
TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5
o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk=
=cO0k
-----END PGP SIGNATURE-----

View File

@ -1,5 +1,5 @@
Name: libssh
Version: 0.9.4
Version: 0.9.6
Release: 3%{?dist}
Summary: A library implementing the SSH protocol
License: LGPLv2+
@ -11,13 +11,6 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC
Source3: libssh_client.config
Source4: libssh_server.config
Patch0: libssh-0.9.4-enable-sshd-sha1-algorithms.patch
Patch1: libssh-0.9.4-fix-version.patch
Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch
Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch
Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch
Patch5: libssh-0.9.4-fix-cve-2020-16135.patch
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: gcc-c++
@ -27,6 +20,13 @@ BuildRequires: pkgconfig
BuildRequires: zlib-devel
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel
BuildRequires: openssh-clients
BuildRequires: openssh-server
BuildRequires: pam_wrapper
BuildRequires: socket_wrapper
BuildRequires: nss_wrapper
BuildRequires: uid_wrapper
BuildRequires: nmap-ncat
Requires: crypto-policies
Requires: %{name}-config = %{version}-%{release}
@ -136,6 +136,27 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog
* Fri Nov 05 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-3
- Remove STI tests
* Thu Oct 21 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-2
- Remove bad patch causing errors
- Adding BuildRequires for openssh (SSHD support)
* Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism
- Rebase to version 0.9.6
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600
* Thu Oct 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-4
- Revert previous commit as it is incorrect.
* Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism (#1978810)
* Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
ssh_buffer_new returns NULL (#1862646)