From 65dec4b1a2bede3f7b06c13150ca26f3c793edd6 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Oct 10 2023 14:35:45 +0000
Subject: import libssh2-1.8.0-4.el7_9.1


---

diff --git a/SOURCES/0016-libssh2-1.8.0-CVE-2020-22218.patch b/SOURCES/0016-libssh2-1.8.0-CVE-2020-22218.patch
new file mode 100644
index 0000000..e9652ce
--- /dev/null
+++ b/SOURCES/0016-libssh2-1.8.0-CVE-2020-22218.patch
@@ -0,0 +1,12 @@
+diff -up libssh2-1.8.0/src/transport.c.diff libssh2-1.8.0/src/transport.c
+--- libssh2-1.8.0/src/transport.c.diff	2023-09-20 12:21:55.121219631 -0400
++++ libssh2-1.8.0/src/transport.c	2023-09-20 12:24:26.694051411 -0400
+@@ -460,7 +460,7 @@ int _libssh2_transport_read(LIBSSH2_SESS
+              * or less (including length, padding length, payload,
+              * padding, and MAC.)."
+              */
+-            if (total_num > LIBSSH2_PACKET_MAXPAYLOAD) {
++            if (total_num > LIBSSH2_PACKET_MAXPAYLOAD || total_num == 0) {
+                 return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
+             }
+ 
diff --git a/SPECS/libssh2.spec b/SPECS/libssh2.spec
index f704268..89e489c 100644
--- a/SPECS/libssh2.spec
+++ b/SPECS/libssh2.spec
@@ -1,6 +1,6 @@
 Name:		libssh2
 Version:	1.8.0
-Release:	4%{?dist}
+Release:	4%{?dist}.1
 Summary:	A library implementing the SSH2 protocol
 Group:		System Environment/Libraries
 License:	BSD
@@ -33,6 +33,9 @@ Patch10:    0010-libssh2-1.8.0-CVE-2019-17498.patch
 
 Patch14:	0014-libssh2-1.4.3-scp-remote-exec.patch
 Patch15:	0015-libssh2-1.4.3-debug-msgs.patch
+
+# fix use-of-uninitialized-value (CVE-2020-22218)
+Patch16:	0016-libssh2-1.8.0-CVE-2020-22218.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 
 BuildRequires:	coreutils
@@ -101,6 +104,8 @@ sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
 # session: avoid printing misleading debug messages (#1503294)
 %patch15 -p1
 
+%patch16 -p1
+
 # Make sshd transition appropriately if building in an SELinux environment
 %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
 chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
@@ -173,6 +178,9 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libssh2.pc
 
 %changelog
+* Wed Sep 20 2023 Tripp Waldrop <trwaldro@redhat.com> - 1.8.0-4.el7_9.1
+- fix use-of-uninitialized-value (CVE-2020-22218)
+
 * Wed Oct 30 2019 Kamil Dudka <kdudka@redhat.com> - 1.8.0-4
 - fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)