import libssh-0.9.6-3.el8
This commit is contained in:
parent
49720ca34c
commit
5e6e01cb81
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/libssh-0.9.4.tar.xz
|
||||
SOURCES/libssh-0.9.6.tar.xz
|
||||
SOURCES/libssh.keyring
|
||||
|
@ -1,2 +1,2 @@
|
||||
93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz
|
||||
1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz
|
||||
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring
|
||||
|
@ -1,125 +0,0 @@
|
||||
From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Fri, 19 Jun 2020 11:59:33 +0200
|
||||
Subject: [PATCH] tests: Add test for CVE-2019-14889
|
||||
|
||||
The test checks if a command appended to the file path is not executed.
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 84 insertions(+)
|
||||
|
||||
diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c
|
||||
index 8f080af3..59a00bae 100644
|
||||
--- a/tests/client/torture_scp.c
|
||||
+++ b/tests/client/torture_scp.c
|
||||
@@ -37,6 +37,7 @@
|
||||
#define BUF_SIZE 1024
|
||||
|
||||
#define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
|
||||
+#define ALICE_HOME BINARYDIR "/tests/home/alice"
|
||||
|
||||
struct scp_st {
|
||||
struct torture_state *s;
|
||||
@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state)
|
||||
fclose(file);
|
||||
}
|
||||
|
||||
+static void torture_scp_upload_appended_command(void **state)
|
||||
+{
|
||||
+ struct scp_st *ts = NULL;
|
||||
+ struct torture_state *s = NULL;
|
||||
+
|
||||
+ ssh_session session = NULL;
|
||||
+ ssh_scp scp = NULL;
|
||||
+
|
||||
+ FILE *file = NULL;
|
||||
+
|
||||
+ char buf[1024];
|
||||
+ char *rs = NULL;
|
||||
+ int rc;
|
||||
+
|
||||
+ assert_non_null(state);
|
||||
+ ts = *state;
|
||||
+
|
||||
+ assert_non_null(ts->s);
|
||||
+ s = ts->s;
|
||||
+
|
||||
+ session = s->ssh.session;
|
||||
+ assert_non_null(session);
|
||||
+
|
||||
+ assert_non_null(ts->tmp_dir_basename);
|
||||
+ assert_non_null(ts->tmp_dir);
|
||||
+
|
||||
+ /* Upload a file path with a command appended */
|
||||
+
|
||||
+ /* Append a command to the file path */
|
||||
+ snprintf(buf, BUF_SIZE, "%s"
|
||||
+ "/;touch hack",
|
||||
+ ts->tmp_dir);
|
||||
+
|
||||
+ /* When writing the file_name must be the directory name */
|
||||
+ scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE,
|
||||
+ buf);
|
||||
+ assert_non_null(scp);
|
||||
+
|
||||
+ rc = ssh_scp_init(scp);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
+ /* Push directory where the new file will be copied */
|
||||
+ rc = ssh_scp_push_directory(scp, ";touch hack", 0755);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
+ /* Try to push file */
|
||||
+ rc = ssh_scp_push_file(scp, "original", 8, 0644);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
+ rc = ssh_scp_write(scp, "original", 8);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
+ /* Leave the directory */
|
||||
+ rc = ssh_scp_leave_directory(scp);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
+ /* Cleanup */
|
||||
+ ssh_scp_close(scp);
|
||||
+ ssh_scp_free(scp);
|
||||
+
|
||||
+ /* Make sure the command was not executed */
|
||||
+ snprintf(buf, BUF_SIZE, ALICE_HOME "/hack");
|
||||
+ file = fopen(buf, "r");
|
||||
+ assert_null(file);
|
||||
+
|
||||
+ /* Open the file and check content */
|
||||
+ snprintf(buf, BUF_SIZE, "%s"
|
||||
+ "/;touch hack/original",
|
||||
+ ts->tmp_dir);
|
||||
+
|
||||
+ file = fopen(buf, "r");
|
||||
+ assert_non_null(file);
|
||||
+
|
||||
+ rs = fgets(buf, 1024, file);
|
||||
+ assert_non_null(rs);
|
||||
+ assert_string_equal(buf, "original");
|
||||
+
|
||||
+ fclose(file);
|
||||
+}
|
||||
+
|
||||
int torture_run_tests(void)
|
||||
{
|
||||
int rc;
|
||||
@@ -559,6 +640,9 @@ int torture_run_tests(void)
|
||||
cmocka_unit_test_setup_teardown(torture_scp_upload_newline,
|
||||
session_setup,
|
||||
session_teardown),
|
||||
+ cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command,
|
||||
+ session_setup,
|
||||
+ session_teardown),
|
||||
};
|
||||
|
||||
ssh_init();
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,58 +0,0 @@
|
||||
From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Tue, 23 Jun 2020 18:31:47 +0200
|
||||
Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts
|
||||
|
||||
The test might fail if there is a local configuration file that changes
|
||||
the location of the known_hosts file. The test should not be affected
|
||||
by configuration files present in the testing environment.
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
tests/client/torture_knownhosts.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c
|
||||
index fcc54846..55aee217 100644
|
||||
--- a/tests/client/torture_knownhosts.c
|
||||
+++ b/tests/client/torture_knownhosts.c
|
||||
@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) {
|
||||
char tmp_file[1024] = {0};
|
||||
char *known_hosts_file = NULL;
|
||||
int rc;
|
||||
+ bool process_config = false;
|
||||
|
||||
snprintf(tmp_file,
|
||||
sizeof(tmp_file),
|
||||
@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) {
|
||||
|
||||
s->ssh.session = session;
|
||||
|
||||
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
|
||||
assert_ssh_return_code(session, rc);
|
||||
|
||||
@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) {
|
||||
char *known_hosts_file = NULL;
|
||||
FILE *file;
|
||||
int rc;
|
||||
+ bool process_config = false;
|
||||
|
||||
snprintf(tmp_file,
|
||||
sizeof(tmp_file),
|
||||
@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) {
|
||||
|
||||
s->ssh.session = session;
|
||||
|
||||
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
|
||||
+ assert_ssh_return_code(session, rc);
|
||||
+
|
||||
ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
|
||||
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
|
||||
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256");
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,43 +0,0 @@
|
||||
From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001
|
||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Date: Thu, 18 Jun 2020 19:08:54 +0200
|
||||
Subject: [PATCH] channel: Do not return error if the server closed the channel
|
||||
|
||||
If the server properly closed the channel, the client should not return
|
||||
error if it finds the channel closed.
|
||||
|
||||
Fixes T231
|
||||
|
||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
src/channels.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/channels.c b/src/channels.c
|
||||
index 9fe309d0..607bd568 100644
|
||||
--- a/src/channels.c
|
||||
+++ b/src/channels.c
|
||||
@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel,
|
||||
if (session->session_state == SSH_SESSION_STATE_ERROR) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
+ /* If the server closed the channel properly, there is nothing to do */
|
||||
+ if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
if (channel->state == SSH_CHANNEL_STATE_CLOSED) {
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"Remote channel is closed.");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
- if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
|
||||
- return 0;
|
||||
- }
|
||||
len = ssh_buffer_get_len(stdbuf);
|
||||
/* Read count bytes if len is greater, everything otherwise */
|
||||
len = (len > count ? count : len);
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,18 +0,0 @@
|
||||
--- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200
|
||||
+++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200
|
||||
@@ -636,6 +636,15 @@
|
||||
# else /* HAVE_DSA */
|
||||
"HostKeyAlgorithms +ssh-rsa\n"
|
||||
# endif /* HAVE_DSA */
|
||||
+/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1
|
||||
+ * deprecation*/
|
||||
+# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)
|
||||
+ "KexAlgorithms +diffie-hellman-group14-sha1,"
|
||||
+ "diffie-hellman-group-exchange-sha1,"
|
||||
+ "diffie-hellman-group1-sha1\n"
|
||||
+ "HostKeyAlgorithms +ssh-rsa\n"
|
||||
+ "CASignatureAlgorithms +ssh-rsa\n"
|
||||
+#endif
|
||||
# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6)
|
||||
"Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
|
||||
# else /* OPENSSH_VERSION 7.0 - 7.5 */
|
@ -1,41 +0,0 @@
|
||||
diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
|
||||
--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200
|
||||
+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200
|
||||
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
|
||||
*/
|
||||
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
|
||||
{
|
||||
+ if (buffer == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
buffer_verify(buffer);
|
||||
|
||||
if (data == NULL) {
|
||||
diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
|
||||
--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200
|
||||
+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200
|
||||
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
|
||||
|
||||
/* take a copy of the whole packet */
|
||||
msg->complete_message = ssh_buffer_new();
|
||||
- ssh_buffer_add_data(msg->complete_message,
|
||||
- ssh_buffer_get(payload),
|
||||
- ssh_buffer_get_len(payload));
|
||||
+ if (msg->complete_message == NULL) {
|
||||
+ ssh_set_error_oom(session);
|
||||
+ sftp_client_message_free(msg);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ rc = ssh_buffer_add_data(msg->complete_message,
|
||||
+ ssh_buffer_get(payload),
|
||||
+ ssh_buffer_get_len(payload));
|
||||
+ if (rc < 0) {
|
||||
+ ssh_set_error_oom(session);
|
||||
+ sftp_client_message_free(msg);
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
||||
ssh_buffer_get_u32(payload, &msg->id);
|
||||
|
@ -1,11 +0,0 @@
|
||||
--- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200
|
||||
+++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200
|
||||
@@ -79,7 +79,7 @@
|
||||
/* libssh version */
|
||||
#define LIBSSH_VERSION_MAJOR 0
|
||||
#define LIBSSH_VERSION_MINOR 9
|
||||
-#define LIBSSH_VERSION_MICRO 3
|
||||
+#define LIBSSH_VERSION_MICRO 4
|
||||
|
||||
#define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
|
||||
LIBSSH_VERSION_MINOR, \
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB
|
||||
Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U
|
||||
iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi
|
||||
tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X
|
||||
fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU
|
||||
XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5
|
||||
nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr
|
||||
jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W
|
||||
EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy
|
||||
w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz
|
||||
emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0
|
||||
lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0=
|
||||
=xSu8
|
||||
-----END PGP SIGNATURE-----
|
16
SOURCES/libssh-0.9.6.tar.xz.asc
Normal file
16
SOURCES/libssh-0.9.6.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB
|
||||
Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd
|
||||
3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3
|
||||
bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck
|
||||
ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL
|
||||
KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa
|
||||
VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+
|
||||
+W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG
|
||||
zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq
|
||||
1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN
|
||||
TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5
|
||||
o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk=
|
||||
=cO0k
|
||||
-----END PGP SIGNATURE-----
|
@ -1,5 +1,5 @@
|
||||
Name: libssh
|
||||
Version: 0.9.4
|
||||
Version: 0.9.6
|
||||
Release: 3%{?dist}
|
||||
Summary: A library implementing the SSH protocol
|
||||
License: LGPLv2+
|
||||
@ -11,13 +11,6 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC
|
||||
Source3: libssh_client.config
|
||||
Source4: libssh_server.config
|
||||
|
||||
Patch0: libssh-0.9.4-enable-sshd-sha1-algorithms.patch
|
||||
Patch1: libssh-0.9.4-fix-version.patch
|
||||
Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch
|
||||
Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch
|
||||
Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch
|
||||
Patch5: libssh-0.9.4-fix-cve-2020-16135.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: gcc-c++
|
||||
@ -27,6 +20,13 @@ BuildRequires: pkgconfig
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcmocka-devel
|
||||
BuildRequires: openssh-clients
|
||||
BuildRequires: openssh-server
|
||||
BuildRequires: pam_wrapper
|
||||
BuildRequires: socket_wrapper
|
||||
BuildRequires: nss_wrapper
|
||||
BuildRequires: uid_wrapper
|
||||
BuildRequires: nmap-ncat
|
||||
|
||||
Requires: crypto-policies
|
||||
Requires: %{name}-config = %{version}-%{release}
|
||||
@ -136,6 +136,27 @@ popd
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
|
||||
|
||||
%changelog
|
||||
* Fri Nov 05 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-3
|
||||
- Remove STI tests
|
||||
|
||||
* Thu Oct 21 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-2
|
||||
- Remove bad patch causing errors
|
||||
- Adding BuildRequires for openssh (SSHD support)
|
||||
|
||||
* Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
|
||||
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
|
||||
rekeying with different key exchange mechanism
|
||||
- Rebase to version 0.9.6
|
||||
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
|
||||
- Resolves: rhbz#1896651, rhbz#1994600
|
||||
|
||||
* Thu Oct 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-4
|
||||
- Revert previous commit as it is incorrect.
|
||||
|
||||
* Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
|
||||
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
|
||||
rekeying with different key exchange mechanism (#1978810)
|
||||
|
||||
* Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
|
||||
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
|
||||
ssh_buffer_new returns NULL (#1862646)
|
||||
|
Loading…
Reference in New Issue
Block a user