From 7fee315f607ff4afe6ba30b7fa092e347ef9c7f0 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 24 Feb 2016 15:10:43 +0100 Subject: [PATCH] Update to version 0.7.3 --- .gitignore | 1 + ...troduce-ssh_forward_listen-Fixes-194.patch | 28 ----- libssh-0.7.2-fix_agent_bigendian.patch | 105 ------------------ libssh.spec | 36 ++++-- sources | 2 +- 5 files changed, 27 insertions(+), 145 deletions(-) delete mode 100644 0001-Reintroduce-ssh_forward_listen-Fixes-194.patch delete mode 100644 libssh-0.7.2-fix_agent_bigendian.patch diff --git a/.gitignore b/.gitignore index 7c3cd66..94451cf 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ libssh-0.4.4.tar.gz.asc /libssh-0.7.0.tar.xz /libssh-0.7.1.tar.xz /libssh-0.7.2.tar.xz +/libssh-0.7.3.tar.xz diff --git a/0001-Reintroduce-ssh_forward_listen-Fixes-194.patch b/0001-Reintroduce-ssh_forward_listen-Fixes-194.patch deleted file mode 100644 index 030983d..0000000 --- a/0001-Reintroduce-ssh_forward_listen-Fixes-194.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 3c8fe6e2c595ee019408249c364b3019b6c31a8a Mon Sep 17 00:00:00 2001 -From: Mike DePaulo -Date: Fri, 15 May 2015 22:22:13 -0400 -Subject: [PATCH] Reintroduce ssh_forward_listen() (Fixes: #194) - ---- - src/channels.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/channels.c b/src/channels.c -index 7a4e71f..db5f83a 100644 ---- a/src/channels.c -+++ b/src/channels.c -@@ -2206,6 +2206,11 @@ error: - } - - /* DEPRECATED */ -+int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port) { -+ return ssh_channel_listen_forward(session, address, port, bound_port); -+} -+ -+/* DEPRECATED */ - ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) { - return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL); - } --- -2.1.4 - diff --git a/libssh-0.7.2-fix_agent_bigendian.patch b/libssh-0.7.2-fix_agent_bigendian.patch deleted file mode 100644 index 38137ca..0000000 --- a/libssh-0.7.2-fix_agent_bigendian.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 0425ac9ad0f8f1cefa12b448d31a400ced3e89b9 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 14 Oct 2015 20:45:49 +0200 -Subject: [PATCH] agent: Fix agent auth on big endian machines - -BUG: https://red.libssh.org/issues/204 - -Signed-off-by: Andreas Schneider ---- - ConfigureChecks.cmake | 1 + - include/libssh/priv.h | 10 ++++++++++ - src/agent.c | 17 +++++++++++++---- - 3 files changed, 24 insertions(+), 4 deletions(-) - -diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake -index c0326c2..3587b07 100644 ---- a/ConfigureChecks.cmake -+++ b/ConfigureChecks.cmake -@@ -56,6 +56,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H) - check_include_file(sys/time.h HAVE_SYS_TIME_H) - check_include_file(sys/param.h HAVE_SYS_PARAM_H) - check_include_file(arpa/inet.h HAVE_ARPA_INET_H) -+check_include_file(byteswap.h HAVE_BYTESWAP_H) - - if (WIN32) - check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H) -diff --git a/include/libssh/priv.h b/include/libssh/priv.h -index 95a22c6..b7a80fe 100644 ---- a/include/libssh/priv.h -+++ b/include/libssh/priv.h -@@ -43,6 +43,16 @@ - # endif - #endif /* !defined(HAVE_STRTOULL) */ - -+#ifdef HAVE_BYTESWAP_H -+#include -+#endif -+ -+#ifndef bswap_32 -+#define bswap_32(x) \ -+ ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \ -+ (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24)) -+#endif -+ - #ifdef _WIN32 - - /* Imitate define of inttypes.h */ -diff --git a/src/agent.c b/src/agent.c -index 922d753..e520773 100644 ---- a/src/agent.c -+++ b/src/agent.c -@@ -382,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) { - ssh_buffer_free(reply); - return -1; - } -+#ifdef WORDS_BIGENDIAN -+ type = bswap_32(type); -+#endif - - SSH_LOG(SSH_LOG_WARN, - "Answer type: %d, expected answer: %d", -@@ -392,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) { - return 0; - } else if (type != c2) { - ssh_set_error(session, SSH_FATAL, -- "Bad authentication reply message type: %d", type); -+ "Bad authentication reply message type: %u", type); - ssh_buffer_free(reply); - return -1; - } -@@ -507,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session, - ssh_buffer reply; - ssh_string key_blob; - ssh_string sig_blob; -- int type = SSH2_AGENT_FAILURE; -- int flags = 0; -+ unsigned int type = 0; -+ unsigned int flags = 0; - uint32_t dlen; - int rc; - -@@ -572,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session, - ssh_buffer_free(reply); - return NULL; - } -+#ifdef WORDS_BIGENDIAN -+ type = bswap_32(type); -+#endif - - if (agent_failed(type)) { - SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key"); - ssh_buffer_free(reply); - return NULL; - } else if (type != SSH2_AGENT_SIGN_RESPONSE) { -- ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type); -+ ssh_set_error(session, -+ SSH_FATAL, -+ "Bad authentication response: %u", -+ type); - ssh_buffer_free(reply); - return NULL; - } --- -2.5.0 - diff --git a/libssh.spec b/libssh.spec index 1740c4a..323dc14 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,21 +1,21 @@ Name: libssh -Version: 0.7.2 -Release: 3%{?dist} +Version: 0.7.3 +Release: 1%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Source0: https://red.libssh.org/attachments/download/177/libssh-0.7.2.tar.xz - -Patch0: libssh-0.7.2-fix_agent_bigendian.patch +Source0: https://red.libssh.org/attachments/download/195/libssh-0.7.3.tar.xz BuildRequires: cmake BuildRequires: doxygen BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: zlib-devel +BuildRequires: krb5-devel +BuildRequires: libcmocka-devel %description The ssh library was designed to be used by programmers needing a working SSH @@ -39,12 +39,6 @@ applications that use %{name}. %prep %setup -q -%patch0 -p1 -b .libssh-0.7.2-fix_agent_bigendian.patch - -# Remove examples, they are not packaged and do not build on EPEL 5 -sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt -rm -rf examples - %build if test ! -e "obj"; then mkdir obj @@ -52,6 +46,7 @@ fi pushd obj %cmake \ + -DWITH_TESTING=ON \ %{_builddir}/%{name}-%{version} make %{?_smp_mflags} VERBOSE=1 make doc @@ -63,6 +58,9 @@ pushd obj make DESTDIR=%{buildroot} install popd +rm -f %{buildroot}%{_libdir}/libssh.a +rm -f %{buildroot}%{_libdir}/libssh_threads.a + %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -70,6 +68,14 @@ popd %clean rm -rf %{buildroot} +%check +pushd obj +make test || { + cat Testing/Temporary/LastTest.log; + exit 1; +} +popd + %files %doc AUTHORS BSD ChangeLog COPYING README %{_libdir}/libssh.so.* @@ -93,6 +99,14 @@ rm -rf %{buildroot} %{_libdir}/libssh_threads.so %changelog +* Wed Feb 24 2016 Andreas Schneider - 0.7.3-1 +- resolves: #1311259 - Fix CVE-2016-0739 +- resolves: #1311332 - Update to version 0.7.3 + * Fixed CVE-2016-0739 + * Fixed ssh-agent on big endian + * Fixed some documentation issues +- Enabled GSSAPI support + * Thu Feb 04 2016 Fedora Release Engineering - 0.7.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/sources b/sources index 487b3b8..d620977 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5d7d468937649a6dfc6186edfff083db libssh-0.7.2.tar.xz +05465da8004f3258db946346213209de libssh-0.7.3.tar.xz