diff --git a/.gitignore b/.gitignore index bfd0bb1..76fb7b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/libssh-0.9.4.tar.xz +SOURCES/libssh-0.9.6.tar.xz SOURCES/libssh.keyring diff --git a/.libssh.metadata b/.libssh.metadata index c453642..6b8b582 100644 --- a/.libssh.metadata +++ b/.libssh.metadata @@ -1,2 +1,2 @@ -93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz +1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz 3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring diff --git a/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch b/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch deleted file mode 100644 index ce149b4..0000000 --- a/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Fri, 19 Jun 2020 11:59:33 +0200 -Subject: [PATCH] tests: Add test for CVE-2019-14889 - -The test checks if a command appended to the file path is not executed. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Andreas Schneider ---- - tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 84 insertions(+) - -diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c -index 8f080af3..59a00bae 100644 ---- a/tests/client/torture_scp.c -+++ b/tests/client/torture_scp.c -@@ -37,6 +37,7 @@ - #define BUF_SIZE 1024 - - #define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX" -+#define ALICE_HOME BINARYDIR "/tests/home/alice" - - struct scp_st { - struct torture_state *s; -@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state) - fclose(file); - } - -+static void torture_scp_upload_appended_command(void **state) -+{ -+ struct scp_st *ts = NULL; -+ struct torture_state *s = NULL; -+ -+ ssh_session session = NULL; -+ ssh_scp scp = NULL; -+ -+ FILE *file = NULL; -+ -+ char buf[1024]; -+ char *rs = NULL; -+ int rc; -+ -+ assert_non_null(state); -+ ts = *state; -+ -+ assert_non_null(ts->s); -+ s = ts->s; -+ -+ session = s->ssh.session; -+ assert_non_null(session); -+ -+ assert_non_null(ts->tmp_dir_basename); -+ assert_non_null(ts->tmp_dir); -+ -+ /* Upload a file path with a command appended */ -+ -+ /* Append a command to the file path */ -+ snprintf(buf, BUF_SIZE, "%s" -+ "/;touch hack", -+ ts->tmp_dir); -+ -+ /* When writing the file_name must be the directory name */ -+ scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE, -+ buf); -+ assert_non_null(scp); -+ -+ rc = ssh_scp_init(scp); -+ assert_ssh_return_code(session, rc); -+ -+ /* Push directory where the new file will be copied */ -+ rc = ssh_scp_push_directory(scp, ";touch hack", 0755); -+ assert_ssh_return_code(session, rc); -+ -+ /* Try to push file */ -+ rc = ssh_scp_push_file(scp, "original", 8, 0644); -+ assert_ssh_return_code(session, rc); -+ -+ rc = ssh_scp_write(scp, "original", 8); -+ assert_ssh_return_code(session, rc); -+ -+ /* Leave the directory */ -+ rc = ssh_scp_leave_directory(scp); -+ assert_ssh_return_code(session, rc); -+ -+ /* Cleanup */ -+ ssh_scp_close(scp); -+ ssh_scp_free(scp); -+ -+ /* Make sure the command was not executed */ -+ snprintf(buf, BUF_SIZE, ALICE_HOME "/hack"); -+ file = fopen(buf, "r"); -+ assert_null(file); -+ -+ /* Open the file and check content */ -+ snprintf(buf, BUF_SIZE, "%s" -+ "/;touch hack/original", -+ ts->tmp_dir); -+ -+ file = fopen(buf, "r"); -+ assert_non_null(file); -+ -+ rs = fgets(buf, 1024, file); -+ assert_non_null(rs); -+ assert_string_equal(buf, "original"); -+ -+ fclose(file); -+} -+ - int torture_run_tests(void) - { - int rc; -@@ -559,6 +640,9 @@ int torture_run_tests(void) - cmocka_unit_test_setup_teardown(torture_scp_upload_newline, - session_setup, - session_teardown), -+ cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command, -+ session_setup, -+ session_teardown), - }; - - ssh_init(); --- -2.26.2 - diff --git a/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch b/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch deleted file mode 100644 index ac5ee0d..0000000 --- a/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch +++ /dev/null @@ -1,58 +0,0 @@ -From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Tue, 23 Jun 2020 18:31:47 +0200 -Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts - -The test might fail if there is a local configuration file that changes -the location of the known_hosts file. The test should not be affected -by configuration files present in the testing environment. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen ---- - tests/client/torture_knownhosts.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c -index fcc54846..55aee217 100644 ---- a/tests/client/torture_knownhosts.c -+++ b/tests/client/torture_knownhosts.c -@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) { - char tmp_file[1024] = {0}; - char *known_hosts_file = NULL; - int rc; -+ bool process_config = false; - - snprintf(tmp_file, - sizeof(tmp_file), -@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) { - - s->ssh.session = session; - -+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ assert_ssh_return_code(session, rc); -+ - rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER); - assert_ssh_return_code(session, rc); - -@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) { - char *known_hosts_file = NULL; - FILE *file; - int rc; -+ bool process_config = false; - - snprintf(tmp_file, - sizeof(tmp_file), -@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) { - - s->ssh.session = session; - -+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ assert_ssh_return_code(session, rc); -+ - ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER); - ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file); - rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256"); --- -2.26.2 - diff --git a/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch b/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch deleted file mode 100644 index 387b9c0..0000000 --- a/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Thu, 18 Jun 2020 19:08:54 +0200 -Subject: [PATCH] channel: Do not return error if the server closed the channel - -If the server properly closed the channel, the client should not return -error if it finds the channel closed. - -Fixes T231 - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen ---- - src/channels.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/channels.c b/src/channels.c -index 9fe309d0..607bd568 100644 ---- a/src/channels.c -+++ b/src/channels.c -@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel, - if (session->session_state == SSH_SESSION_STATE_ERROR) { - return SSH_ERROR; - } -+ /* If the server closed the channel properly, there is nothing to do */ -+ if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) { -+ return 0; -+ } - if (channel->state == SSH_CHANNEL_STATE_CLOSED) { - ssh_set_error(session, - SSH_FATAL, - "Remote channel is closed."); - return SSH_ERROR; - } -- if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) { -- return 0; -- } - len = ssh_buffer_get_len(stdbuf); - /* Read count bytes if len is greater, everything otherwise */ - len = (len > count ? count : len); --- -2.26.2 - diff --git a/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch b/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch deleted file mode 100644 index a821223..0000000 --- a/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200 -+++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200 -@@ -636,6 +636,15 @@ - # else /* HAVE_DSA */ - "HostKeyAlgorithms +ssh-rsa\n" - # endif /* HAVE_DSA */ -+/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1 -+ * deprecation*/ -+# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2) -+ "KexAlgorithms +diffie-hellman-group14-sha1," -+ "diffie-hellman-group-exchange-sha1," -+ "diffie-hellman-group1-sha1\n" -+ "HostKeyAlgorithms +ssh-rsa\n" -+ "CASignatureAlgorithms +ssh-rsa\n" -+#endif - # if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) - "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n" - # else /* OPENSSH_VERSION 7.0 - 7.5 */ diff --git a/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch b/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch deleted file mode 100644 index 9221f03..0000000 --- a/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c ---- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200 -+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200 -@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_ - */ - int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) - { -+ if (buffer == NULL) { -+ return -1; -+ } -+ - buffer_verify(buffer); - - if (data == NULL) { -diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c ---- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200 -+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200 -@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess - - /* take a copy of the whole packet */ - msg->complete_message = ssh_buffer_new(); -- ssh_buffer_add_data(msg->complete_message, -- ssh_buffer_get(payload), -- ssh_buffer_get_len(payload)); -+ if (msg->complete_message == NULL) { -+ ssh_set_error_oom(session); -+ sftp_client_message_free(msg); -+ return NULL; -+ } -+ -+ rc = ssh_buffer_add_data(msg->complete_message, -+ ssh_buffer_get(payload), -+ ssh_buffer_get_len(payload)); -+ if (rc < 0) { -+ ssh_set_error_oom(session); -+ sftp_client_message_free(msg); -+ return NULL; -+ } - - ssh_buffer_get_u32(payload, &msg->id); - diff --git a/SOURCES/libssh-0.9.4-fix-version.patch b/SOURCES/libssh-0.9.4-fix-version.patch deleted file mode 100644 index 143e972..0000000 --- a/SOURCES/libssh-0.9.4-fix-version.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200 -+++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200 -@@ -79,7 +79,7 @@ - /* libssh version */ - #define LIBSSH_VERSION_MAJOR 0 - #define LIBSSH_VERSION_MINOR 9 --#define LIBSSH_VERSION_MICRO 3 -+#define LIBSSH_VERSION_MICRO 4 - - #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \ - LIBSSH_VERSION_MINOR, \ diff --git a/SOURCES/libssh-0.9.4.tar.xz.asc b/SOURCES/libssh-0.9.4.tar.xz.asc deleted file mode 100644 index 84b673c..0000000 --- a/SOURCES/libssh-0.9.4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB -Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U -iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi -tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X -fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU -XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5 -nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr -jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W -EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy -w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz -emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0 -lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0= -=xSu8 ------END PGP SIGNATURE----- diff --git a/SOURCES/libssh-0.9.6.tar.xz.asc b/SOURCES/libssh-0.9.6.tar.xz.asc new file mode 100644 index 0000000..cbed27f --- /dev/null +++ b/SOURCES/libssh-0.9.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB +Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd +3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3 +bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck +ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL +KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa +VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+ ++W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG +zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq +1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN +TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5 +o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk= +=cO0k +-----END PGP SIGNATURE----- diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec index 0bc82e3..1695472 100644 --- a/SPECS/libssh.spec +++ b/SPECS/libssh.spec @@ -1,5 +1,5 @@ Name: libssh -Version: 0.9.4 +Version: 0.9.6 Release: 3%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ @@ -11,13 +11,6 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC Source3: libssh_client.config Source4: libssh_server.config -Patch0: libssh-0.9.4-enable-sshd-sha1-algorithms.patch -Patch1: libssh-0.9.4-fix-version.patch -Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch -Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch -Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch -Patch5: libssh-0.9.4-fix-cve-2020-16135.patch - BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ @@ -27,6 +20,13 @@ BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRequires: krb5-devel BuildRequires: libcmocka-devel +BuildRequires: openssh-clients +BuildRequires: openssh-server +BuildRequires: pam_wrapper +BuildRequires: socket_wrapper +BuildRequires: nss_wrapper +BuildRequires: uid_wrapper +BuildRequires: nmap-ncat Requires: crypto-policies Requires: %{name}-config = %{version}-%{release} @@ -136,6 +136,27 @@ popd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %changelog +* Fri Nov 05 2021 Norbert Pocs - 0.9.6-3 +- Remove STI tests + +* Thu Oct 21 2021 Norbert Pocs - 0.9.6-2 +- Remove bad patch causing errors +- Adding BuildRequires for openssh (SSHD support) + +* Thu Oct 14 2021 Norbert Pocs - 0.9.6-1 +- Fix CVE-2021-3634: Fix possible heap-buffer overflow when + rekeying with different key exchange mechanism +- Rebase to version 0.9.6 +- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c +- Resolves: rhbz#1896651, rhbz#1994600 + +* Thu Oct 14 2021 Sahana Prasad - 0.9.4-4 +- Revert previous commit as it is incorrect. + +* Thu Oct 14 2021 Norbert Pocs - 0.9.6-1 +- Fix CVE-2021-3634: Fix possible heap-buffer overflow when + rekeying with different key exchange mechanism (#1978810) + * Wed Apr 21 2021 Sahana Prasad - 0.9.4-3 - Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (#1862646)