import libssh-0.9.6-3.el8

2022-05-10 03:15:37 -04:00 · 2022-05-10 03:15:37 -04:00 · ac133d5fb8
commit ac133d5fb8
parent eed800a0a8
11 changed files with 47 additions and 322 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/libssh-0.9.4.tar.xz
+SOURCES/libssh-0.9.6.tar.xz
 SOURCES/libssh.keyring
--- a/.libssh.metadata
+++ b/.libssh.metadata
@ -1,2 +1,2 @@
-93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz
+1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz
 3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring
--- a/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch
+++ b/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch
@ -1,125 +0,0 @@
 From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001
 From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Date: Fri, 19 Jun 2020 11:59:33 +0200
 Subject: [PATCH] tests: Add test for CVE-2019-14889
 The test checks if a command appended to the file path is not executed.
 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 ---
 tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c
 index 8f080af3..59a00bae 100644
 --- a/tests/client/torture_scp.c
 +++ b/tests/client/torture_scp.c
@@ -37,6 +37,7 @@
 #define BUF_SIZE 1024
 #define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
 +#define ALICE_HOME BINARYDIR "/tests/home/alice"
 struct scp_st {
     struct torture_state *s;
@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state)
     fclose(file);
 }
 +static void torture_scp_upload_appended_command(void **state)
 +{
 +    struct scp_st *ts = NULL;
 +    struct torture_state *s = NULL;
 +
 +    ssh_session session = NULL;
 +    ssh_scp scp = NULL;
 +
 +    FILE *file = NULL;
 +
 +    char buf[1024];
 +    char *rs = NULL;
 +    int rc;
 +
 +    assert_non_null(state);
 +    ts = *state;
 +
 +    assert_non_null(ts->s);
 +    s = ts->s;
 +
 +    session = s->ssh.session;
 +    assert_non_null(session);
 +
 +    assert_non_null(ts->tmp_dir_basename);
 +    assert_non_null(ts->tmp_dir);
 +
 +    /* Upload a file path with a command appended */
 +
 +    /* Append a command to the file path */
 +    snprintf(buf, BUF_SIZE, "%s"
 +             "/;touch hack",
 +             ts->tmp_dir);
 +
 +    /* When writing the file_name must be the directory name */
 +    scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE,
 +                      buf);
 +    assert_non_null(scp);
 +
 +    rc = ssh_scp_init(scp);
 +    assert_ssh_return_code(session, rc);
 +
 +    /* Push directory where the new file will be copied */
 +    rc = ssh_scp_push_directory(scp, ";touch hack", 0755);
 +    assert_ssh_return_code(session, rc);
 +
 +    /* Try to push file */
 +    rc = ssh_scp_push_file(scp, "original", 8, 0644);
 +    assert_ssh_return_code(session, rc);
 +
 +    rc = ssh_scp_write(scp, "original", 8);
 +    assert_ssh_return_code(session, rc);
 +
 +    /* Leave the directory */
 +    rc = ssh_scp_leave_directory(scp);
 +    assert_ssh_return_code(session, rc);
 +
 +    /* Cleanup */
 +    ssh_scp_close(scp);
 +    ssh_scp_free(scp);
 +
 +    /* Make sure the command was not executed */
 +    snprintf(buf, BUF_SIZE, ALICE_HOME "/hack");
 +    file = fopen(buf, "r");
 +    assert_null(file);
 +
 +    /* Open the file and check content */
 +    snprintf(buf, BUF_SIZE, "%s"
 +             "/;touch hack/original",
 +             ts->tmp_dir);
 +
 +    file = fopen(buf, "r");
 +    assert_non_null(file);
 +
 +    rs = fgets(buf, 1024, file);
 +    assert_non_null(rs);
 +    assert_string_equal(buf, "original");
 +
 +    fclose(file);
 +}
 +
 int torture_run_tests(void)
 {
     int rc;
@@ -559,6 +640,9 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_scp_upload_newline,
                                         session_setup,
                                         session_teardown),
 +        cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command,
 +                                        session_setup,
 +                                        session_teardown),
     };
     ssh_init();
 -- 
 2.26.2
--- a/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch
+++ b/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch
@ -1,58 +0,0 @@
 From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001
 From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Date: Tue, 23 Jun 2020 18:31:47 +0200
 Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts
 The test might fail if there is a local configuration file that changes
 the location of the known_hosts file.  The test should not be affected
 by configuration files present in the testing environment.
 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 ---
 tests/client/torture_knownhosts.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c
 index fcc54846..55aee217 100644
 --- a/tests/client/torture_knownhosts.c
 +++ b/tests/client/torture_knownhosts.c
@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) {
     char tmp_file[1024] = {0};
     char *known_hosts_file = NULL;
     int rc;
 +    bool process_config = false;
     snprintf(tmp_file,
              sizeof(tmp_file),
@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) {
     s->ssh.session = session;
 +    rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
 +    assert_ssh_return_code(session, rc);
 +
     rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
     assert_ssh_return_code(session, rc);
@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) {
     char *known_hosts_file = NULL;
     FILE *file;
     int rc;
 +    bool process_config = false;
     snprintf(tmp_file,
              sizeof(tmp_file),
@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) {
     s->ssh.session = session;
 +    rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
 +    assert_ssh_return_code(session, rc);
 +
     ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
     ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
     rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256");
 -- 
 2.26.2
--- a/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch
+++ b/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch
@ -1,43 +0,0 @@
 From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001
 From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Date: Thu, 18 Jun 2020 19:08:54 +0200
 Subject: [PATCH] channel: Do not return error if the server closed the channel
 If the server properly closed the channel, the client should not return
 error if it finds the channel closed.
 Fixes T231
 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 ---
 src/channels.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/src/channels.c b/src/channels.c
 index 9fe309d0..607bd568 100644
 --- a/src/channels.c
 +++ b/src/channels.c
@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel,
   if (session->session_state == SSH_SESSION_STATE_ERROR) {
       return SSH_ERROR;
   }
 +  /* If the server closed the channel properly, there is nothing to do */
 +  if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
 +      return 0;
 +  }
   if (channel->state == SSH_CHANNEL_STATE_CLOSED) {
       ssh_set_error(session,
                     SSH_FATAL,
                     "Remote channel is closed.");
       return SSH_ERROR;
   }
 -  if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
 -    return 0;
 -  }
   len = ssh_buffer_get_len(stdbuf);
   /* Read count bytes if len is greater, everything otherwise */
   len = (len > count ? count : len);
 -- 
 2.26.2
--- a/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch
+++ b/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch
@ -1,18 +0,0 @@
 --- a/tests/torture.c	2020-04-09 16:16:07.691894761 +0200
 +++ b/tests/torture.c	2020-04-09 20:11:50.577962771 +0200
@@ -636,6 +636,15 @@
 # else /* HAVE_DSA */
              "HostKeyAlgorithms +ssh-rsa\n"
 # endif /* HAVE_DSA */
 +/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1
 + * deprecation*/
 +# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)
 +             "KexAlgorithms +diffie-hellman-group14-sha1,"
 +             "diffie-hellman-group-exchange-sha1,"
 +             "diffie-hellman-group1-sha1\n"
 +             "HostKeyAlgorithms +ssh-rsa\n"
 +             "CASignatureAlgorithms +ssh-rsa\n"
 +#endif
 # if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6)
              "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
 # else /* OPENSSH_VERSION 7.0 - 7.5 */
--- a/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch
+++ b/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch
@ -1,41 +0,0 @@
 diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
 --- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135	2021-04-21 10:27:53.562473773 +0200
 +++ libssh-0.9.4/src/buffer.c	2021-04-21 10:29:21.768165663 +0200
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
  */
 int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
 {
 +  if (buffer == NULL) {
 +      return -1;
 +  }
 +
   buffer_verify(buffer);
   if (data == NULL) {
 diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
 --- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135	2021-04-21 10:30:43.864796642 +0200
 +++ libssh-0.9.4/src/sftpserver.c	2021-04-21 10:41:52.166933113 +0200
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
   /* take a copy of the whole packet */
   msg->complete_message = ssh_buffer_new();
 -  ssh_buffer_add_data(msg->complete_message,
 -                      ssh_buffer_get(payload),
 -                      ssh_buffer_get_len(payload));
 +  if (msg->complete_message == NULL) {
 +      ssh_set_error_oom(session);
 +      sftp_client_message_free(msg);
 +      return NULL;
 +  }
 +
 +  rc = ssh_buffer_add_data(msg->complete_message,
 +                           ssh_buffer_get(payload),
 +                           ssh_buffer_get_len(payload));
 +  if (rc < 0) {
 +      ssh_set_error_oom(session);
 +      sftp_client_message_free(msg);
 +      return NULL;
 +  }
   ssh_buffer_get_u32(payload, &msg->id);
--- a/SOURCES/libssh-0.9.4-fix-version.patch
+++ b/SOURCES/libssh-0.9.4-fix-version.patch
@ -1,11 +0,0 @@
 --- a/include/libssh/libssh.h	2020-04-15 13:38:32.899177005 +0200
 +++ b/include/libssh/libssh.h	2020-04-15 13:38:57.406454427 +0200
@@ -79,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  9
 -#define LIBSSH_VERSION_MICRO  3
 +#define LIBSSH_VERSION_MICRO  4
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \
--- a/SOURCES/libssh-0.9.4.tar.xz.asc
+++ b/SOURCES/libssh-0.9.4.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB
 Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U
 iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi
 tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X
 fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU
 XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5
 nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr
 jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W
 EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy
 w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz
 emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0
 lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0=
 =xSu8
 -----END PGP SIGNATURE-----
--- a/SOURCES/libssh-0.9.6.tar.xz.asc
+++ b/SOURCES/libssh-0.9.6.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB
 Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd
 3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3
 bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck
 ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL
 KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa
 VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+
 +W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG
 zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq
 1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN
 TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5
 o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk=
 =cO0k
 -----END PGP SIGNATURE-----
--- a/SPECS/libssh.spec
+++ b/SPECS/libssh.spec
@ -1,5 +1,5 @@
 Name:           libssh
-Version:        0.9.4
+Version:        0.9.6
 Release:        3%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
@ -11,13 +11,6 @@ Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC
 Source3:        libssh_client.config
 Source4:        libssh_server.config
 Patch0:         libssh-0.9.4-enable-sshd-sha1-algorithms.patch
 Patch1:         libssh-0.9.4-fix-version.patch
 Patch2:         libssh-0.9.4-do-not-return-error-server-closed-channel.patch
 Patch3:         libssh-0.9.4-add-cve-2019-14889-test.patch
 Patch4:         libssh-0.9.4-do-not-parse-config-during-tests.patch
 Patch5:         libssh-0.9.4-fix-cve-2020-16135.patch
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  gcc-c++
@ -27,6 +20,13 @@ BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  krb5-devel
 BuildRequires:  libcmocka-devel
 BuildRequires:  openssh-clients
 BuildRequires:  openssh-server
 BuildRequires:  pam_wrapper
 BuildRequires:  socket_wrapper
 BuildRequires:  nss_wrapper
 BuildRequires:  uid_wrapper
 BuildRequires:  nmap-ncat
 Requires:       crypto-policies
 Requires:       %{name}-config = %{version}-%{release}
@ -136,6 +136,27 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 %changelog
 * Fri Nov 05 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-3
 - Remove STI tests
 * Thu Oct 21 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-2
 - Remove bad patch causing errors
 - Adding BuildRequires for openssh (SSHD support)
 * Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
 - Fix CVE-2021-3634: Fix possible heap-buffer overflow when
  rekeying with different key exchange mechanism
 - Rebase to version 0.9.6
 - Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
 - Resolves: rhbz#1896651, rhbz#1994600
 * Thu Oct 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-4
 - Revert previous commit as it is incorrect.
 * Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
 - Fix CVE-2021-3634: Fix possible heap-buffer overflow when
  rekeying with different key exchange mechanism (#1978810)
 * Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
 - Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
  ssh_buffer_new returns NULL (#1862646)
`@ -1,2 +1,2 @@`
	`SOURCES/libssh-0.9.4.tar.xz`	`SOURCES/libssh-0.9.6.tar.xz`
	`SOURCES/libssh.keyring`	`SOURCES/libssh.keyring`
`@ -1,2 +1,2 @@`
	`93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz`	`1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz`
	`3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring`	`3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring`