From 2883da75a63055868c3a5488dbbac9dcb555d708 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: May 06 2015 09:25:27 +0000
Subject: import libssh-0.6.4-4.el7


---

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..269dac9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libssh-0.6.4.tar.gz
diff --git a/.libssh.metadata b/.libssh.metadata
new file mode 100644
index 0000000..63f5d23
--- /dev/null
+++ b/.libssh.metadata
@@ -0,0 +1 @@
+605227f39e94c1a186f30d164a64fdced0f22d98 SOURCES/libssh-0.6.4.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 98f42b4..0000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/CVE-2015-3145-libssh-0.6.x.patch b/SOURCES/CVE-2015-3145-libssh-0.6.x.patch
new file mode 100644
index 0000000..66e245d
--- /dev/null
+++ b/SOURCES/CVE-2015-3145-libssh-0.6.x.patch
@@ -0,0 +1,130 @@
+From 94f6955fbaee6fda9385a23e505497efe21f5b4f Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Wed, 15 Apr 2015 16:08:37 +0200
+Subject: [PATCH 1/2] CVE-2015-3146: Fix state validation in packet handlers
+
+The state validation in the packet handlers for SSH_MSG_NEWKEYS and
+SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
+
+The issue has been found and reported by Mariusz Ziule.
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe)
+---
+ src/packet_cb.c | 16 ++++++++++------
+ src/server.c    |  8 +++++---
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index a10dd1a..e6c613f 100644
+--- a/src/packet_cb.c
++++ b/src/packet_cb.c
+@@ -94,7 +94,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
+   (void)type;
+   (void)user;
+   SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_KEXDH_REPLY");
+-  if(session->session_state!= SSH_SESSION_STATE_DH &&
++  if (session->session_state != SSH_SESSION_STATE_DH ||
+ 		session->dh_handshake_state != DH_STATE_INIT_SENT){
+ 	ssh_set_error(session,SSH_FATAL,"ssh_packet_dh_reply called in wrong state : %d:%d",
+ 			session->session_state,session->dh_handshake_state);
+@@ -135,12 +135,16 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+   (void)user;
+   (void)type;
+   SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS");
+-  if(session->session_state!= SSH_SESSION_STATE_DH &&
+-		session->dh_handshake_state != DH_STATE_NEWKEYS_SENT){
+-	ssh_set_error(session,SSH_FATAL,"ssh_packet_newkeys called in wrong state : %d:%d",
+-			session->session_state,session->dh_handshake_state);
+-	goto error;
++
++  if (session->session_state != SSH_SESSION_STATE_DH ||
++      session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
++      ssh_set_error(session,
++                    SSH_FATAL,
++                    "ssh_packet_newkeys called in wrong state : %d:%d",
++                    session->session_state,session->dh_handshake_state);
++      goto error;
+   }
++
+   if(session->server){
+     /* server things are done in server.c */
+     session->dh_handshake_state=DH_STATE_FINISHED;
+diff --git a/src/server.c b/src/server.c
+index 35281ca..1637cce 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -165,7 +165,7 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){
+ }
+ 
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+-  int rc;
++  int rc = SSH_ERROR;
+   (void)type;
+   (void)user;
+ 
+@@ -193,9 +193,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
+         ssh_set_error(session,SSH_FATAL,"Wrong kex type in ssh_packet_kexdh_init");
+         rc = SSH_ERROR;
+   }
+-  if (rc == SSH_ERROR)
++
++error:
++  if (rc == SSH_ERROR) {
+       session->session_state = SSH_SESSION_STATE_ERROR;
+-  error:
++  }
+ 
+   return SSH_PACKET_USED;
+ }
+-- 
+2.3.5
+
+
+From e9d16bd3439205ce7e75017405b1ac6ed5ead062 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Wed, 15 Apr 2015 16:25:29 +0200
+Subject: [PATCH 2/2] buffers: Fix a possible null pointer dereference
+
+This is an addition to CVE-2015-3146 to fix the null pointer
+dereference. The patch is not required to fix the CVE but prevents
+issues in future.
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 309102547208281215e6799336b42d355cdd7c5d)
+---
+ src/buffer.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index ca12086..3bb6ec4 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -188,6 +188,10 @@ int buffer_reinit(struct ssh_buffer_struct *buffer) {
+ int buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) {
+   buffer_verify(buffer);
+ 
++  if (data == NULL) {
++      return -1;
++  }
++
+   if (buffer->used + len < len) {
+     return -1;
+   }
+@@ -221,6 +225,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
+     struct ssh_string_struct *string) {
+   uint32_t len = 0;
+ 
++  if (string == NULL) {
++      return -1;
++  }
++
+   len = ssh_string_len(string);
+   if (buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
+     return -1;
+-- 
+2.3.5
+
+
diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec
new file mode 100644
index 0000000..60d5b96
--- /dev/null
+++ b/SPECS/libssh.spec
@@ -0,0 +1,197 @@
+%define _hardened_build 1
+
+Name:           libssh
+Version:        0.6.4
+Release:        4%{?dist}
+Summary:        A library implementing the SSH protocol
+License:        LGPLv2+
+URL:            http://www.libssh.org
+Group:          System Environment/Libraries
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+Source0:        https://red.libssh.org/attachments/download/107/libssh-0.6.4.tar.gz
+Patch0:         CVE-2015-3145-libssh-0.6.x.patch
+
+BuildRequires:  cmake
+BuildRequires:  doxygen
+BuildRequires:  openssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  zlib-devel
+
+%description
+The ssh library was designed to be used by programmers needing a working SSH
+implementation by the mean of a library. The complete control of the client is
+made by the programmer. With libssh, you can remotely execute programs, transfer
+files, use a secure and transparent tunnel for your remote programs. With its
+Secure FTP implementation, you can play with remote files easily, without
+third-party programs others than libcrypto (from openssl).
+
+%package devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       pkgconfig
+Requires:       cmake
+
+%description devel
+The %{name}-devel package contains libraries and header files for developing
+applications that use %{name}.
+
+%prep
+%setup -q
+%patch0 -p1
+
+# Remove examples, they are not packaged and do not build on EPEL 5
+sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
+rm -rf examples
+sed -i -e 's| -pedantic-errors||g' cmake/Modules/DefineCompilerFlags.cmake
+
+%build
+if test ! -e "obj"; then
+  mkdir obj
+fi
+pushd obj
+
+%cmake \
+    %{_builddir}/%{name}-%{version}
+make %{?_smp_mflags} VERBOSE=1 CFLAGS="-no-pedantic-errors"
+make doc
+
+popd
+
+%install
+pushd obj
+make DESTDIR=%{buildroot} install
+popd
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%doc AUTHORS BSD ChangeLog COPYING README
+%{_libdir}/libssh.so.*
+%{_libdir}/libssh_threads.so.*
+
+%files devel
+%doc obj/doc/html
+%{_includedir}/libssh/callbacks.h
+%{_includedir}/libssh/legacy.h
+%{_includedir}/libssh/libssh.h
+%{_includedir}/libssh/server.h
+%{_includedir}/libssh/sftp.h
+%{_includedir}/libssh/ssh2.h
+%dir  %{_libdir}/cmake/libssh
+%{_libdir}/cmake/libssh/libssh-config-version.cmake
+%{_libdir}/cmake/libssh/libssh-config.cmake
+%{_libdir}/pkgconfig/libssh.pc
+%{_libdir}/pkgconfig/libssh_threads.pc
+%{_libdir}/libssh.so
+%{_libdir}/libssh_threads.so
+
+%changelog
+* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-4
+- Updated patch for CVE-2015-3146
+
+* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-3
+- Enable _hardened_build
+
+* Tue Apr 21 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-2
+- Security fix for CVE-2015-3145.
+
+* Wed Apr 01 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-1
+- Security fix for CVE-2014-8132.
+
+* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 0.6.3-1
+- Fix CVE-2014-0017.
+
+* Mon Feb 10 2014 - Andreas Schneider <asn@redhat.com> - 0.6.1-1
+- Update to version 0.6.1.
+- resolves: #1056757 - Fix scp mode.
+- resolves: #1053305 - Fix known_hosts heuristic.
+
+* Wed Jan 08 2014 - Andreas Schneider <asn@redhat.com> - 0.6.0-1
+- Update to 0.6.0
+
+* Fri Jul 26 2013 - Andreas Schneider <asn@redhat.com> - 0.5.5-1
+- Update to 0.5.5.
+- Clenup the spec file.
+
+* Thu Jul 18 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-5
+- Add EPEL 5 support.
+- Add Debian patches to enable Doxygen documentation.
+
+* Tue Jul 16 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-4
+- Add patch for #982685.
+
+* Mon Jun 10 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-3
+- Clean up SPEC file and fix rpmlint complaints.
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 23 2013 Petr Lautrbach <plautrba@redhat.com> 0.5.4-1
+- update to security 0.5.4 release
+- CVE-2013-0176 (#894407)
+
+* Tue Nov 20 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.3-1
+- update to security 0.5.3 release (#878465)
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Feb 02 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.2-1
+- update to 0.5.2 version (#730270)
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Jun  1 2011 Jan F. Chadima <jchadima@redhat.com> - 0.5.0-1
+- bounce versionn to 0.5.0 (#709785)
+- the support for protocol v1 is disabled
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 19 2011 Jan F. Chadima <jchadima@redhat.com> - 0.4.8-1
+- bounce versionn to 0.4.8 (#670456)
+
+* Mon Sep  6 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.6-1
+- bounce versionn to 0.4.6 (#630602)
+
+* Thu Jun  3 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.4-1
+- bounce versionn to 0.4.4 (#598592)
+
+* Wed May 19 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.3-1
+- bounce versionn to 0.4.3 (#593288)
+
+* Tue Mar 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.2-1
+- bounce versionn to 0.4.2 (#573972)
+
+* Tue Feb 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.1-1
+- bounce versionn to 0.4.1 (#565870)
+
+* Fri Dec 11 2009 Jan F. Chadima <jchadima@redhat.com> - 0.4.0-1
+- bounce versionn to 0.4.0 (#541010)
+
+* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-2
+- typo in spec file
+
+* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-1
+- bounce versionn to 0.3.92 (0.4 beta2) (#541010)
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.2-4
+- rebuilt with new openssl
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jun 02 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-2
+- Small changes during review
+
+* Mon Jun 01 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-1
+- Initial build
+