Update to version 0.7.3

This commit is contained in:
Andreas Schneider 2016-02-24 15:10:43 +01:00
parent 627452c5f4
commit 7fee315f60
5 changed files with 27 additions and 145 deletions

1
.gitignore vendored
View File

@ -22,3 +22,4 @@ libssh-0.4.4.tar.gz.asc
/libssh-0.7.0.tar.xz /libssh-0.7.0.tar.xz
/libssh-0.7.1.tar.xz /libssh-0.7.1.tar.xz
/libssh-0.7.2.tar.xz /libssh-0.7.2.tar.xz
/libssh-0.7.3.tar.xz

View File

@ -1,28 +0,0 @@
From 3c8fe6e2c595ee019408249c364b3019b6c31a8a Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Fri, 15 May 2015 22:22:13 -0400
Subject: [PATCH] Reintroduce ssh_forward_listen() (Fixes: #194)
---
src/channels.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/channels.c b/src/channels.c
index 7a4e71f..db5f83a 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -2206,6 +2206,11 @@ error:
}
/* DEPRECATED */
+int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port) {
+ return ssh_channel_listen_forward(session, address, port, bound_port);
+}
+
+/* DEPRECATED */
ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
}
--
2.1.4

View File

@ -1,105 +0,0 @@
From 0425ac9ad0f8f1cefa12b448d31a400ced3e89b9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 14 Oct 2015 20:45:49 +0200
Subject: [PATCH] agent: Fix agent auth on big endian machines
BUG: https://red.libssh.org/issues/204
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
ConfigureChecks.cmake | 1 +
include/libssh/priv.h | 10 ++++++++++
src/agent.c | 17 +++++++++++++----
3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index c0326c2..3587b07 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -56,6 +56,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H)
check_include_file(sys/time.h HAVE_SYS_TIME_H)
check_include_file(sys/param.h HAVE_SYS_PARAM_H)
check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
+check_include_file(byteswap.h HAVE_BYTESWAP_H)
if (WIN32)
check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
diff --git a/include/libssh/priv.h b/include/libssh/priv.h
index 95a22c6..b7a80fe 100644
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@@ -43,6 +43,16 @@
# endif
#endif /* !defined(HAVE_STRTOULL) */
+#ifdef HAVE_BYTESWAP_H
+#include <byteswap.h>
+#endif
+
+#ifndef bswap_32
+#define bswap_32(x) \
+ ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
+ (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
+#endif
+
#ifdef _WIN32
/* Imitate define of inttypes.h */
diff --git a/src/agent.c b/src/agent.c
index 922d753..e520773 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -382,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
ssh_buffer_free(reply);
return -1;
}
+#ifdef WORDS_BIGENDIAN
+ type = bswap_32(type);
+#endif
SSH_LOG(SSH_LOG_WARN,
"Answer type: %d, expected answer: %d",
@@ -392,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
return 0;
} else if (type != c2) {
ssh_set_error(session, SSH_FATAL,
- "Bad authentication reply message type: %d", type);
+ "Bad authentication reply message type: %u", type);
ssh_buffer_free(reply);
return -1;
}
@@ -507,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
ssh_buffer reply;
ssh_string key_blob;
ssh_string sig_blob;
- int type = SSH2_AGENT_FAILURE;
- int flags = 0;
+ unsigned int type = 0;
+ unsigned int flags = 0;
uint32_t dlen;
int rc;
@@ -572,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
ssh_buffer_free(reply);
return NULL;
}
+#ifdef WORDS_BIGENDIAN
+ type = bswap_32(type);
+#endif
if (agent_failed(type)) {
SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
ssh_buffer_free(reply);
return NULL;
} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
- ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type);
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Bad authentication response: %u",
+ type);
ssh_buffer_free(reply);
return NULL;
}
--
2.5.0

View File

@ -1,21 +1,21 @@
Name: libssh Name: libssh
Version: 0.7.2 Version: 0.7.3
Release: 3%{?dist} Release: 1%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
Group: System Environment/Libraries Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: https://red.libssh.org/attachments/download/177/libssh-0.7.2.tar.xz Source0: https://red.libssh.org/attachments/download/195/libssh-0.7.3.tar.xz
Patch0: libssh-0.7.2-fix_agent_bigendian.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel
%description %description
The ssh library was designed to be used by programmers needing a working SSH The ssh library was designed to be used by programmers needing a working SSH
@ -39,12 +39,6 @@ applications that use %{name}.
%prep %prep
%setup -q %setup -q
%patch0 -p1 -b .libssh-0.7.2-fix_agent_bigendian.patch
# Remove examples, they are not packaged and do not build on EPEL 5
sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
rm -rf examples
%build %build
if test ! -e "obj"; then if test ! -e "obj"; then
mkdir obj mkdir obj
@ -52,6 +46,7 @@ fi
pushd obj pushd obj
%cmake \ %cmake \
-DWITH_TESTING=ON \
%{_builddir}/%{name}-%{version} %{_builddir}/%{name}-%{version}
make %{?_smp_mflags} VERBOSE=1 make %{?_smp_mflags} VERBOSE=1
make doc make doc
@ -63,6 +58,9 @@ pushd obj
make DESTDIR=%{buildroot} install make DESTDIR=%{buildroot} install
popd popd
rm -f %{buildroot}%{_libdir}/libssh.a
rm -f %{buildroot}%{_libdir}/libssh_threads.a
%post -p /sbin/ldconfig %post -p /sbin/ldconfig
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
@ -70,6 +68,14 @@ popd
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
%check
pushd obj
make test || {
cat Testing/Temporary/LastTest.log;
exit 1;
}
popd
%files %files
%doc AUTHORS BSD ChangeLog COPYING README %doc AUTHORS BSD ChangeLog COPYING README
%{_libdir}/libssh.so.* %{_libdir}/libssh.so.*
@ -93,6 +99,14 @@ rm -rf %{buildroot}
%{_libdir}/libssh_threads.so %{_libdir}/libssh_threads.so
%changelog %changelog
* Wed Feb 24 2016 Andreas Schneider <asn@redhat.com> - 0.7.3-1
- resolves: #1311259 - Fix CVE-2016-0739
- resolves: #1311332 - Update to version 0.7.3
* Fixed CVE-2016-0739
* Fixed ssh-agent on big endian
* Fixed some documentation issues
- Enabled GSSAPI support
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

View File

@ -1 +1 @@
5d7d468937649a6dfc6186edfff083db libssh-0.7.2.tar.xz 05465da8004f3258db946346213209de libssh-0.7.3.tar.xz