From 2883da75a63055868c3a5488dbbac9dcb555d708 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 06 2015 09:25:27 +0000
Subject: import libssh-0.6.4-4.el7
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..269dac9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libssh-0.6.4.tar.gz
diff --git a/.libssh.metadata b/.libssh.metadata
new file mode 100644
index 0000000..63f5d23
--- /dev/null
+++ b/.libssh.metadata
@@ -0,0 +1 @@
+605227f39e94c1a186f30d164a64fdced0f22d98 SOURCES/libssh-0.6.4.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 98f42b4..0000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/CVE-2015-3145-libssh-0.6.x.patch b/SOURCES/CVE-2015-3145-libssh-0.6.x.patch
new file mode 100644
index 0000000..66e245d
--- /dev/null
+++ b/SOURCES/CVE-2015-3145-libssh-0.6.x.patch
@@ -0,0 +1,130 @@
+From 94f6955fbaee6fda9385a23e505497efe21f5b4f Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis
+Date: Wed, 15 Apr 2015 16:08:37 +0200
+Subject: [PATCH 1/2] CVE-2015-3146: Fix state validation in packet handlers
+
+The state validation in the packet handlers for SSH_MSG_NEWKEYS and
+SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
+
+The issue has been found and reported by Mariusz Ziule.
+
+Signed-off-by: Aris Adamantiadis
+Reviewed-by: Andreas Schneider
+(cherry picked from commit bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe)
+---
+ src/packet_cb.c | 16 ++++++++++------
+ src/server.c | 8 +++++---
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index a10dd1a..e6c613f 100644
+--- a/src/packet_cb.c
++++ b/src/packet_cb.c
+@@ -94,7 +94,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
+ (void)type;
+ (void)user;
+ SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_KEXDH_REPLY");
+- if(session->session_state!= SSH_SESSION_STATE_DH &&
++ if (session->session_state != SSH_SESSION_STATE_DH ||
+ session->dh_handshake_state != DH_STATE_INIT_SENT){
+ ssh_set_error(session,SSH_FATAL,"ssh_packet_dh_reply called in wrong state : %d:%d",
+ session->session_state,session->dh_handshake_state);
+@@ -135,12 +135,16 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+ (void)user;
+ (void)type;
+ SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS");
+- if(session->session_state!= SSH_SESSION_STATE_DH &&
+- session->dh_handshake_state != DH_STATE_NEWKEYS_SENT){
+- ssh_set_error(session,SSH_FATAL,"ssh_packet_newkeys called in wrong state : %d:%d",
+- session->session_state,session->dh_handshake_state);
+- goto error;
++
++ if (session->session_state != SSH_SESSION_STATE_DH ||
++ session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
++ ssh_set_error(session,
++ SSH_FATAL,
++ "ssh_packet_newkeys called in wrong state : %d:%d",
++ session->session_state,session->dh_handshake_state);
++ goto error;
+ }
++
+ if(session->server){
+ /* server things are done in server.c */
+ session->dh_handshake_state=DH_STATE_FINISHED;
+diff --git a/src/server.c b/src/server.c
+index 35281ca..1637cce 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -165,7 +165,7 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){
+ }
+
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+- int rc;
++ int rc = SSH_ERROR;
+ (void)type;
+ (void)user;
+
+@@ -193,9 +193,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+ ssh_set_error(session,SSH_FATAL,"Wrong kex type in ssh_packet_kexdh_init");
+ rc = SSH_ERROR;
+ }
+- if (rc == SSH_ERROR)
++
++error:
++ if (rc == SSH_ERROR) {
+ session->session_state = SSH_SESSION_STATE_ERROR;
+- error:
++ }
+
+ return SSH_PACKET_USED;
+ }
+--
+2.3.5
+
+
+From e9d16bd3439205ce7e75017405b1ac6ed5ead062 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis
+Date: Wed, 15 Apr 2015 16:25:29 +0200
+Subject: [PATCH 2/2] buffers: Fix a possible null pointer dereference
+
+This is an addition to CVE-2015-3146 to fix the null pointer
+dereference. The patch is not required to fix the CVE but prevents
+issues in future.
+
+Signed-off-by: Aris Adamantiadis
+Reviewed-by: Andreas Schneider
+(cherry picked from commit 309102547208281215e6799336b42d355cdd7c5d)
+---
+ src/buffer.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index ca12086..3bb6ec4 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -188,6 +188,10 @@ int buffer_reinit(struct ssh_buffer_struct *buffer) {
+ int buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) {
+ buffer_verify(buffer);
+
++ if (data == NULL) {
++ return -1;
++ }
++
+ if (buffer->used + len < len) {
+ return -1;
+ }
+@@ -221,6 +225,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
+ struct ssh_string_struct *string) {
+ uint32_t len = 0;
+
++ if (string == NULL) {
++ return -1;
++ }
++
+ len = ssh_string_len(string);
+ if (buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
+ return -1;
+--
+2.3.5
+
+
diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec
new file mode 100644
index 0000000..60d5b96
--- /dev/null
+++ b/SPECS/libssh.spec
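Review bot: In the src/buffer.c hunks of the embedded patch, the new NULL guards cover `data` and `string` but not `buffer`, which `buffer_add_data()` still dereferences in the very next check, `buffer->used + len < len`. Unless `buffer_verify()` (its definition is not visible here) already rejects a NULL buffer, the guard should cover it as well and sit ahead of the `buffer_verify(buffer)` call: `if (buffer == NULL || data == NULL) { return -1; }`. `buffer_add_ssh_string()` hands `buffer` straight to `buffer_add_data()`, so that one guard would cover both paths. Both function bodies continue outside the hunks, so later uses of `buffer` could not be checked from here.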
@@ -0,0 +1,197 @@
+%define _hardened_build 1
+
+Name: libssh
+Version: 0.6.4
+Release: 4%{?dist}
+Summary: A library implementing the SSH protocol
+License: LGPLv2+
+URL: http://www.libssh.org
+Group: System Environment/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+Source0: https://red.libssh.org/attachments/download/107/libssh-0.6.4.tar.gz
+Patch0: CVE-2015-3145-libssh-0.6.x.patch
+
+BuildRequires: cmake
+BuildRequires: doxygen
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig
+BuildRequires: zlib-devel
+
+%description
+The ssh library was designed to be used by programmers needing a working SSH
+implementation by the mean of a library. The complete control of the client is
+made by the programmer. With libssh, you can remotely execute programs, transfer
+files, use a secure and transparent tunnel for your remote programs. With its
+Secure FTP implementation, you can play with remote files easily, without
+third-party programs others than libcrypto (from openssl).
+
+%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+Requires: cmake
+
+%description devel
+The %{name}-devel package contains libraries and header files for developing
+applications that use %{name}.
+
+%prep
+%setup -q
+%patch0 -p1
+
+# Remove examples, they are not packaged and do not build on EPEL 5
+sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
+rm -rf examples
+sed -i -e 's| -pedantic-errors||g' cmake/Modules/DefineCompilerFlags.cmake
+
+%build
+if test ! -e "obj"; then
+ mkdir obj
+fi
+pushd obj
+
+%cmake \
+ %{_builddir}/%{name}-%{version}
+make %{?_smp_mflags} VERBOSE=1 CFLAGS="-no-pedantic-errors"
+make doc
+
+popd
+
+%install
+pushd obj
+make DESTDIR=%{buildroot} install
+popd
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%doc AUTHORS BSD ChangeLog COPYING README
+%{_libdir}/libssh.so.*
+%{_libdir}/libssh_threads.so.*
+
+%files devel
+%doc obj/doc/html
+%{_includedir}/libssh/callbacks.h
+%{_includedir}/libssh/legacy.h
+%{_includedir}/libssh/libssh.h
+%{_includedir}/libssh/server.h
+%{_includedir}/libssh/sftp.h
+%{_includedir}/libssh/ssh2.h
+%dir %{_libdir}/cmake/libssh
+%{_libdir}/cmake/libssh/libssh-config-version.cmake
+%{_libdir}/cmake/libssh/libssh-config.cmake
+%{_libdir}/pkgconfig/libssh.pc
+%{_libdir}/pkgconfig/libssh_threads.pc
+%{_libdir}/libssh.so
+%{_libdir}/libssh_threads.so
+
+%changelog
+* Wed Apr 22 2015 - Stef Walter - 0.6.4-4
+- Updated patch for CVE-2015-3146
+
+* Wed Apr 22 2015 - Stef Walter - 0.6.4-3
+- Enable _hardened_build
+
+* Tue Apr 21 2015 - Stef Walter - 0.6.4-2
+- Security fix for CVE-2015-3145.
+
+* Wed Apr 01 2015 - Stef Walter - 0.6.4-1
+- Security fix for CVE-2014-8132.
+
+* Tue Mar 04 2014 - Andreas Schneider - 0.6.3-1
+- Fix CVE-2014-0017.
+
+* Mon Feb 10 2014 - Andreas Schneider - 0.6.1-1
+- Update to version 0.6.1.
+- resolves: #1056757 - Fix scp mode.
+- resolves: #1053305 - Fix known_hosts heuristic.
+
+* Wed Jan 08 2014 - Andreas Schneider - 0.6.0-1
+- Update to 0.6.0
+
+* Fri Jul 26 2013 - Andreas Schneider - 0.5.5-1
+- Update to 0.5.5.
+- Clenup the spec file.
+
+* Thu Jul 18 2013 Simone Caronni - 0.5.4-5
+- Add EPEL 5 support.
+- Add Debian patches to enable Doxygen documentation.
+
+* Tue Jul 16 2013 Simone Caronni - 0.5.4-4
+- Add patch for #982685.
+
+* Mon Jun 10 2013 Simone Caronni - 0.5.4-3
+- Clean up SPEC file and fix rpmlint complaints.
+
+* Thu Feb 14 2013 Fedora Release Engineering - 0.5.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 23 2013 Petr Lautrbach 0.5.4-1
+- update to security 0.5.4 release
+- CVE-2013-0176 (#894407)
+
+* Tue Nov 20 2012 Petr Lautrbach 0.5.3-1
+- update to security 0.5.3 release (#878465)
+
+* Thu Jul 19 2012 Fedora Release Engineering - 0.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Feb 02 2012 Petr Lautrbach 0.5.2-1
+- update to 0.5.2 version (#730270)
+
+* Fri Jan 13 2012 Fedora Release Engineering - 0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Jun 1 2011 Jan F. Chadima - 0.5.0-1
+- bounce versionn to 0.5.0 (#709785)
+- the support for protocol v1 is disabled
+
+* Tue Feb 08 2011 Fedora Release Engineering - 0.4.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 19 2011 Jan F. Chadima - 0.4.8-1
+- bounce versionn to 0.4.8 (#670456)
+
+* Mon Sep 6 2010 Jan F. Chadima - 0.4.6-1
+- bounce versionn to 0.4.6 (#630602)
+
+* Thu Jun 3 2010 Jan F. Chadima - 0.4.4-1
+- bounce versionn to 0.4.4 (#598592)
+
+* Wed May 19 2010 Jan F. Chadima - 0.4.3-1
+- bounce versionn to 0.4.3 (#593288)
+
+* Tue Mar 16 2010 Jan F. Chadima - 0.4.2-1
+- bounce versionn to 0.4.2 (#573972)
+
+* Tue Feb 16 2010 Jan F. Chadima - 0.4.1-1
+- bounce versionn to 0.4.1 (#565870)
+
+* Fri Dec 11 2009 Jan F. Chadima - 0.4.0-1
+- bounce versionn to 0.4.0 (#541010)
+
+* Thu Nov 26 2009 Jan F. Chadima - 0.3.92-2
+- typo in spec file
+
+* Thu Nov 26 2009 Jan F. Chadima - 0.3.92-1
+- bounce versionn to 0.3.92 (0.4 beta2) (#541010)
+
+* Fri Aug 21 2009 Tomas Mraz - 0.2-4
+- rebuilt with new openssl
+
+* Sat Jul 25 2009 Fedora Release Engineering - 0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jun 02 2009 Jan F. Chadima - 0.2-2
+- Small changes during review
+
+* Mon Jun 01 2009 Jan F. Chadima - 0.2-1
+- Initial build
+
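Review bot: `Patch0: CVE-2015-3145-libssh-0.6.x.patch` and the 0.6.4-2 changelog entry name CVE-2015-3145, while the patch that file carries is titled `CVE-2015-3146: Fix state validation in packet handlers` and the 0.6.4-4 entry reads `Updated patch for CVE-2015-3146`. Anyone matching fixed CVEs against patch file names or %changelog text will get two different answers for this package, so the identifier should be made consistent. The patch file could be renamed after the CVE its own header cites, and the 0.6.4-4 entry could state whether it corrects or supplements the 0.6.4-2 entry. Which of the two identifiers is the intended one cannot be settled from this page alone.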