diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f89838b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libssh2-1.8.0.tar.gz
diff --git a/.libssh2.metadata b/.libssh2.metadata
new file mode 100644
index 0000000..121a71c
--- /dev/null
+++ b/.libssh2.metadata
@@ -0,0 +1 @@
+baf2d1fb338eee531ba9b6b121c64235e089e0f5 SOURCES/libssh2-1.8.0.tar.gz
diff --git a/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch b/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch
new file mode 100644
index 0000000..746b515
--- /dev/null
+++ b/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch
@@ -0,0 +1,33 @@
+From db657a96ca37d87cceff14db66645ba17024803c Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:16:53 +0100
+Subject: [PATCH] Resolves: CVE-2019-3855 - fix integer overflow in transport read
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
+---
+ src/transport.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 8725da0..5349284 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -434,8 +434,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ * and we can extract packet and padding length from it
+ */
+ p->packet_length = _libssh2_ntohu32(block);
+- if (p->packet_length < 1)
++ if(p->packet_length < 1) {
+ return LIBSSH2_ERROR_DECRYPT;
++ }
++ else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) {
++ return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
++ }
+
+ p->padding_length = block[4];
+
+--
+2.17.2
+
diff --git a/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch b/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
new file mode 100644
index 0000000..a6881dd
--- /dev/null
+++ b/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
@@ -0,0 +1,45 @@
+From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Mon, 11 Sep 2017 21:13:45 +0200
+Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
+
+It breaks SCP download/upload from/to certain server implementations.
+
+The bug does not manifest with OpenSSH, which silently drops the NUL
+byte (eventually with any garbage that follows the NUL byte) before
+executing it.
+
+Bug: https://bugzilla.redhat.com/1489736
+---
+ src/scp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/scp.c b/src/scp.c
+index 22778dd..d1665a6 100644
+--- a/src/scp.c
++++ b/src/scp.c
+@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
+ &session->scpRecv_command[cmd_len],
+ session->scpRecv_command_len - cmd_len);
+
+- session->scpRecv_command[cmd_len] = '\0';
+- session->scpRecv_command_len = cmd_len + 1;
++ /* the command to exec should _not_ be NUL-terminated */
++ session->scpRecv_command_len = cmd_len;
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+ "Opening channel for SCP receive");
+@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
+ &session->scpSend_command[cmd_len],
+ session->scpSend_command_len - cmd_len);
+
+- session->scpSend_command[cmd_len] = '\0';
+- session->scpSend_command_len = cmd_len + 1;
++ /* the command to exec should _not_ be NUL-terminated */
++ session->scpSend_command_len = cmd_len;
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+ "Opening channel for SCP send");
+--
+2.9.5
+
diff --git a/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch b/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch
new file mode 100644
index 0000000..40c9e9b
--- /dev/null
+++ b/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch
@@ -0,0 +1,44 @@
+From cc573aafb6f4b24bce9b82f308e92b9723a73024 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:22:24 +0100
+Subject: [PATCH] Resolves: CVE-2019-3856 - fix integer overflow in keyboard
+ interactive handling
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
+
+I believe that:
+
+ `(session->userauth_kybd_num_prompts && session->userauth_kybd_num_prompts > 100)`
+
+... can be simplified as:
+
+ `(session->userauth_kybd_num_prompts > 100)`
+
+Signed-off-by: Kamil Dudka
+---
+ src/userauth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index cdfa25e..3946cf9 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -1734,6 +1734,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
+ /* int num-prompts */
+ session->userauth_kybd_num_prompts = _libssh2_ntohu32(s);
+ s += 4;
++ if(session->userauth_kybd_num_prompts &&
++ session->userauth_kybd_num_prompts > 100) {
++ _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY,
++ "Too many replies for "
++ "keyboard-interactive prompts");
++ goto cleanup;
++ }
+
+ if(session->userauth_kybd_num_prompts) {
+ session->userauth_kybd_prompts =
+--
+2.17.2
+
diff --git a/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch b/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch
new file mode 100644
index 0000000..ea264d2
--- /dev/null
+++ b/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch
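Review bot: The limit `100` in the added `userauth_kybd_num_prompts` check is an unexplained magic number, and the error text speaks of "replies" although the value being rejected is the prompt count just read from the server's packet. A short comment above the check would record the intent, for example `/* num-prompts is supplied by the server; cap it before it sizes the prompt allocation below */`. Giving the limit a name next to the other protocol limits would also let a later change adjust it in one place. userauth_keyboard_interactive starts and ends outside the hunk.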
@@ -0,0 +1,124 @@
+From cbd8d5c44701f97eccd6602e3d745fc37a8d7ff4 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:29:35 +0100
+Subject: [PATCH 1/2] Resolves: CVE-2019-3857 - fix integer overflow in SSH
+ packet processing channel
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
+---
+ include/libssh2.h | 12 ++++++++++++
+ src/packet.c | 11 +++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index 34d2842..e25c380 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,6 +145,18 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /*
+ * Determine whether there is small or large file support on windows.
+ */
+diff --git a/src/packet.c b/src/packet.c
+index 5f1feb8..aa10633 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ /* set signal name (without SIG prefix) */
+ uint32_t namelen =
+ _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
+- channelp->exit_signal =
+- LIBSSH2_ALLOC(session, namelen + 1);
++
++ if(namelen <= UINT_MAX - 1) {
++ channelp->exit_signal =
++ LIBSSH2_ALLOC(session, namelen + 1);
++ }
++ else {
++ channelp->exit_signal = NULL;
++ }
++
+ if (!channelp->exit_signal)
+ rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+ "memory for signal name");
+--
+2.17.2
+
+
+From 0708c71871976ccf6d45fd0971a079d271413f92 Mon Sep 17 00:00:00 2001
+From: Michael Buckley
+Date: Mon, 18 Mar 2019 15:07:12 -0700
+Subject: [PATCH 2/2] Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h
+
+Upstream-commit: 31d0b1a8530b959bd12c2074dc6e883e1eda8207
+Signed-off-by: Kamil Dudka
+---
+ include/libssh2.h | 12 ------------
+ src/libssh2_priv.h | 12 ++++++++++++
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index e25c380..34d2842 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,18 +145,6 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+
+-#ifndef SIZE_MAX
+-#if _WIN64
+-#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
+-#else
+-#define SIZE_MAX 0xFFFFFFFF
+-#endif
+-#endif
+-
+-#ifndef UINT_MAX
+-#define UINT_MAX 0xFFFFFFFF
+-#endif
+-
+ /*
+ * Determine whether there is small or large file support on windows.
+ */
+diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
+index b4296a2..bb5d1a5 100644
+--- a/src/libssh2_priv.h
++++ b/src/libssh2_priv.h
+@@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
+
+ #endif
+
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /* RFC4253 section 6.1 Maximum Packet Length says:
+ *
+ * "All implementations MUST be able to process packets with
+--
+2.17.2
+
diff --git a/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch b/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch
new file mode 100644
index 0000000..04914c5
--- /dev/null
+++ b/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch
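Review bot: The fallback `SIZE_MAX` that ends up in libssh2_priv.h is selected only by `_WIN64`, so any 64-bit non-Windows build that reaches this block without `<stdint.h>` already included would get `0xFFFFFFFF`. Whether that can happen depends on includes outside the hunk; if it can, every length guard written against SIZE_MAX silently becomes a 32-bit limit there. `#define SIZE_MAX ((size_t)-1)` does not depend on platform macros, and `UINT_MAX` is better taken from `<limits.h>` than assumed to be 32 bits wide. Separately, in packet.c a `namelen` of 0xFFFFFFFF is reported through the existing `LIBSSH2_ERROR_ALLOC` "memory for signal name" path, which reads as memory exhaustion rather than a malformed packet.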
@@ -0,0 +1,30 @@
+From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:32:05 +0100
+Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
+
+... with a specially crafted SFTP packet leading to an out-of-bounds read
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
+---
+ src/sftp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index 7c44116..65cef85 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
+ return _libssh2_error(session,
+ LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
+ "SFTP packet too large");
++ if (sftp->partial_len == 0)
++ return _libssh2_error(session,
++ LIBSSH2_ERROR_ALLOC,
++ "Unable to allocate empty SFTP packet");
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+ "Data begin - Packet Length: %lu",
+--
+2.17.2
+
diff --git a/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch b/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch
new file mode 100644
index 0000000..d40bb71
--- /dev/null
+++ b/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch
@@ -0,0 +1,28 @@
+From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:43:34 +0100
+Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with
+ specially crafted SSH packets
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
+---
+ src/transport.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/transport.c b/src/transport.c
+index 5349284..6224c4f 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ }
+
+ p->padding_length = block[4];
++ if ( p->padding_length > p->packet_length - 1 ) {
++ return LIBSSH2_ERROR_DECRYPT;
++ }
+
+ /* total_num is the number of bytes following the initial
+ (5 bytes) packet length and padding length fields */
+--
+2.17.2
+
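Review bot: The added zero-length rejection in sftp_packet_read reports `LIBSSH2_ERROR_ALLOC` with "Unable to allocate empty SFTP packet", so a malformed length sent by the peer looks the same as memory exhaustion in logs and to callers. The oversized-packet branch directly above uses a protocol-level code; one here as well (for example `LIBSSH2_ERROR_OUT_OF_BOUNDARY`, which the transport patch in this series already returns) would keep triage accurate. Because the code is visible to callers, staying with the upstream patch and only adding a comment is also reasonable: `/* partial_len comes from the peer; zero would make the allocation below zero bytes */`. The body of sftp_packet_read continues outside the hunk.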
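Review bot: The new `p->padding_length > p->packet_length - 1` comparison is only sound because `packet_length < 1` is rejected a few lines earlier, as the CVE-2019-3855 patch in this series shows; assuming packet_length is unsigned, a zero value would wrap the subtraction and let every padding length through. A comment would tie the two checks together so a later reorder does not reopen the bug: `/* packet_length >= 1 is guaranteed above, so packet_length - 1 cannot wrap */`. _libssh2_transport_read starts and ends outside the hunk.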
diff --git a/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch b/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch
new file mode 100644
index 0000000..f1632a5
--- /dev/null
+++ b/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch
@@ -0,0 +1,75 @@
+From 0e4e9825e637a15707a910539d71fe65e7e12d7b Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:45:22 +0100
+Subject: [PATCH] Resolves: CVE-2019-3862 - fix out-of-bounds memory comparison
+
+... with specially crafted message channel request
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
+---
+ src/packet.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index aa10633..c950b5d 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -775,8 +775,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ uint32_t len = _libssh2_ntohu32(data + 5);
+ unsigned char want_reply = 1;
+
+- if(len < (datalen - 10))
+- want_reply = data[9 + len];
++ if((len + 9) < datalen)
++ want_reply = data[len + 9];
+
+ _libssh2_debug(session,
+ LIBSSH2_TRACE_CONN,
+@@ -784,6 +784,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ channel, len, data + 9, want_reply);
+
+ if (len == sizeof("exit-status") - 1
++ && (sizeof("exit-status") - 1 + 9) <= datalen
+ && !memcmp("exit-status", data + 9,
+ sizeof("exit-status") - 1)) {
+
+@@ -792,7 +793,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ channelp =
+ _libssh2_channel_locate(session, channel);
+
+- if (channelp) {
++ if (channelp && (sizeof("exit-status") + 13) <= datalen) {
+ channelp->exit_status =
+ _libssh2_ntohu32(data + 9 + sizeof("exit-status"));
+ _libssh2_debug(session, LIBSSH2_TRACE_CONN,
+@@ -805,13 +806,14 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+
+ }
+ else if (len == sizeof("exit-signal") - 1
++ && (sizeof("exit-signal") - 1 + 9) <= datalen
+ && !memcmp("exit-signal", data + 9,
+ sizeof("exit-signal") - 1)) {
+ /* command terminated due to signal */
+ if(datalen >= 20)
+ channelp = _libssh2_channel_locate(session, channel);
+
+- if (channelp) {
++ if (channelp && (sizeof("exit-signal") + 13) <= datalen) {
+ /* set signal name (without SIG prefix) */
+ uint32_t namelen =
+ _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
+@@ -827,9 +829,9 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ if (!channelp->exit_signal)
+ rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+ "memory for signal name");
+- else {
++ else if ((sizeof("exit-signal") + 13 + namelen <= datalen)) {
+ memcpy(channelp->exit_signal,
+- data + 13 + sizeof("exit_signal"), namelen);
++ data + 13 + sizeof("exit-signal"), namelen);
+ channelp->exit_signal[namelen] = '\0';
+ /* TODO: save error message and language tag */
+ _libssh2_debug(session, LIBSSH2_TRACE_CONN,
+--
+2.17.2
+
diff --git a/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch b/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch
new file mode 100644
index 0000000..77615fd
--- /dev/null
+++ b/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch
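Review bot: When the new `else if ((sizeof("exit-signal") + 13 + namelen <= datalen))` test fails, `channelp->exit_signal` stays allocated but is never written or NUL-terminated, so any later code that treats it as a C string would read uninitialised heap memory (assuming LIBSSH2_ALLOC does not zero the buffer). The failure path should free the buffer, reset the pointer and record an error instead of falling through silently. The sum on the left can also wrap where size_t is 32 bits; since the enclosing `if` already guarantees `sizeof("exit-signal") + 13 <= datalen`, comparing `namelen` against the difference avoids that. The allocation itself sits outside this hunk, in the lines changed by the CVE-2019-3857 patch, and _libssh2_packet_add continues past the hunk's end.

```c
/* … unchanged: exit_signal allocation and the NULL check that reports LIBSSH2_ERROR_ALLOC … */
else if(namelen <= datalen - (sizeof("exit-signal") + 13)) {
    /* … unchanged: memcpy of the name, NUL terminator, debug trace … */
}
else {
    /* name length exceeds the packet: do not keep an unwritten buffer */
    LIBSSH2_FREE(session, channelp->exit_signal);
    channelp->exit_signal = NULL;
    rc = _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY,
                        "exit-signal name exceeds packet length");
}
```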
@@ -0,0 +1,40 @@
+From 9ed3c716b63c77e9b52f71f2dae5464ade6143df Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:47:41 +0100
+Subject: [PATCH] Resolves: CVE-2019-3863 - fix integer overflow in user
+ authenticate keyboard interactive
+
+... that allows out-of-bounds writes
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
+---
+ src/userauth.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index 3946cf9..ee924c5 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -1808,8 +1808,17 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
+
+ for(i = 0; i < session->userauth_kybd_num_prompts; i++) {
+ /* string response[1] (ISO-10646 UTF-8) */
+- session->userauth_kybd_packet_len +=
+- 4 + session->userauth_kybd_responses[i].length;
++ if(session->userauth_kybd_responses[i].length <=
++ (SIZE_MAX - 4 - session->userauth_kybd_packet_len) ) {
++ session->userauth_kybd_packet_len +=
++ 4 + session->userauth_kybd_responses[i].length;
++ }
++ else {
++ _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
++ "Unable to allocate memory for keyboard-"
++ "interactive response packet");
++ goto cleanup;
++ }
+ }
+
+ /* A new userauth_kybd_data area is to be allocated, free the
+--
+2.17.2
+
diff --git a/SPECS/libssh2.spec b/SPECS/libssh2.spec
new file mode 100644
index 0000000..fdf8594
--- /dev/null
+++ b/SPECS/libssh2.spec
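Review bot: The added guard computes `SIZE_MAX - 4 - session->userauth_kybd_packet_len`, and that expression itself wraps once the running total is above `SIZE_MAX - 4`; an earlier iteration can leave the total in that range, because the guard only keeps it at or below SIZE_MAX. In that state the comparison passes and the following `+=` overflows, which is the case the patch is meant to exclude (realistically only where size_t is 32 bits). Testing the total first closes the gap: `if(session->userauth_kybd_packet_len > SIZE_MAX - 4 || session->userauth_kybd_responses[i].length > SIZE_MAX - 4 - session->userauth_kybd_packet_len)` leading into the existing error path. If `length` is a 32-bit unsigned field, `4 + ...length` is also evaluated in 32 bits before it is widened, so a cast to size_t on that operand is worth confirming against the struct definition. The loop's surroundings and the allocation that consumes the total are outside the hunk.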
@@ -0,0 +1,488 @@
+Name: libssh2
+Version: 1.8.0
+Release: 8%{?dist}
+Summary: A library implementing the SSH2 protocol
+License: BSD
+URL: http://www.libssh2.org/
+Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
+
+# fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
+Patch1: 0001-libssh2-1.8.0-CVE-2019-3855.patch
+
+# fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
+Patch2: 0002-libssh2-1.8.0-CVE-2019-3856.patch
+
+# fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
+Patch3: 0003-libssh2-1.8.0-CVE-2019-3857.patch
+
+# fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
+Patch4: 0004-libssh2-1.8.0-CVE-2019-3858.patch
+
+# fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
+Patch7: 0007-libssh2-1.8.0-CVE-2019-3861.patch
+
+# fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
+Patch8: 0008-libssh2-1.8.0-CVE-2019-3862.patch
+
+# fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
+Patch9: 0009-libssh2-1.8.0-CVE-2019-3863.patch
+
+Patch14: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
+
+BuildRequires: coreutils
+BuildRequires: findutils
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: openssl-devel
+BuildRequires: sed
+BuildRequires: zlib-devel
+BuildRequires: /usr/bin/man
+
+# Test suite requirements - we run the OpenSSH server and try to connect to it
+BuildRequires: openssh-server
+# We use matchpathcon to get the correct SELinux context for the ssh server
+# initialization script so that it can transition correctly in an SELinux
+# environment
+%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
+BuildRequires: libselinux-utils
+BuildRequires: selinux-policy-targeted
+%endif
+
+%description
+libssh2 is a library implementing the SSH2 protocol as defined by
+Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
+SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
+SECSH-DHGEX(04), and SECSH-NUMBERS(10).
+
+%package devel
+Summary: Development files for libssh2
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+The libssh2-devel package contains libraries and header files for
+developing applications that use libssh2.
+
+%package docs
+Summary: Documentation for libssh2
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description docs
+The libssh2-docs package contains man pages and examples for
+developing applications that use libssh2.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+
+# Replace hard wired port number in the test suite to avoid collisions
+# between 32-bit and 64-bit builds running on a single build-host
+sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
+
+# scp: send valid commands for remote execution (#1489733)
+%patch14 -p1
+
+# Make sshd transition appropriately if building in an SELinux environment
+%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
+chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
+chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
+chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || :
+%endif
+
+%build
+%configure --disable-silent-rules --disable-static --enable-shared
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+find %{buildroot} -name '*.la' -delete
+
+# clean things up a bit for packaging
+make -C example clean
+rm -rf example/.deps
+find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete
+
+# avoid multilib conflict on libssh2-devel
+mv -v example example.%{_arch}
+
+%check
+echo "Running tests for %{_arch}"
+# The SSH test will fail if we don't have /dev/tty, as is the case in some
+# versions of mock (#672713)
+if [ ! -c /dev/tty ]; then
+ echo Skipping SSH test due to missing /dev/tty
+ echo "exit 0" > tests/ssh2.sh
+fi
+# Apparently it fails in the sparc and arm buildsystems too
+%ifarch %{sparc} %{arm}
+echo Skipping SSH test on sparc/arm
+echo "exit 0" > tests/ssh2.sh
+%endif
+# mansyntax check fails on PPC* and aarch64 with some strange locale error
+%ifarch ppc %{power64} aarch64
+echo "Skipping mansyntax test on PPC* and aarch64"
+echo "exit 0" > tests/mansyntax.sh
+%endif
+make -C tests check
+
+%ldconfig_scriptlets
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc docs/AUTHORS README RELEASE-NOTES
+%{_libdir}/libssh2.so.1
+%{_libdir}/libssh2.so.1.*
+
+%files docs
+%doc docs/BINDINGS docs/HACKING docs/TODO NEWS
+%{_mandir}/man3/libssh2_*.3*
+
+%files devel
+%doc example.%{_arch}/
+%{_includedir}/libssh2.h
+%{_includedir}/libssh2_publickey.h
+%{_includedir}/libssh2_sftp.h
+%{_libdir}/libssh2.so
+%{_libdir}/pkgconfig/libssh2.pc
+
+%changelog
+* Tue Apr 02 2019 Kamil Dudka 1.8.0-8
+- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
+- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
+- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
+- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
+- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
+- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
+- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
+
+* Wed Feb 07 2018 Fedora Release Engineering - 1.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko - 1.8.0-6
+- Switch to %%ldconfig_scriptlets
+
+* Tue Sep 12 2017 Paul Howarth - 1.8.0-5
+- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
+- Make devel package dependency on main package arch-specific
+- Drop EL-5 support
+ - noarch sub-packages always available now
+ - Drop legacy Group: and BuildRoot: tags
+ - Drop explicit buildroot cleaning
+ - %%{__isa_bits} always defined now
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 1.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 1.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Oct 25 2016 Paul Howarth - 1.8.0-1
+- Update to 1.8.0
+ - Added a basic dockerised test suite
+ - crypto: Add support for the mbedTLS backend
+ - See RELEASE-NOTES for details of bug fixes
+
+* Thu Oct 20 2016 Kamil Dudka - 1.7.0-7
+- Make curl test-suite work again with valgrind enabled
+
+* Tue Oct 11 2016 Tomáš Mráz - 1.7.0-6
+- Rebuild with OpenSSL 1.1.0
+
+* Sun Mar 6 2016 Paul Howarth - 1.7.0-5
+- Revert parts of previous change that broke EL-5 compatibility
+- Include NEWS in docs package, it's much more than RELEASE-NOTES
+
+* Sat Mar 5 2016 Peter Robinson - 1.7.0-4
+- Modernise spec (no we really don't care about el4/fc4)
+- Don't ship ChangeLog/NEWS, duplicates of RELEASE-NOTES
+
+* Wed Feb 24 2016 Paul Howarth - 1.7.0-3
+- Drop UTF-8 patch, which breaks things rather than fixes them
+
+* Wed Feb 24 2016 Kamil Dudka - 1.7.0-2
+- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
+
+* Tue Feb 23 2016 Paul Howarth - 1.7.0-1
+- Update to 1.7.0
+ - diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see
+ http://www.libssh2.org/adv_20160223.html
+ - libssh2_session_set_last_error: Add function
+ - See RELEASE-NOTES for details of bug fixes
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1.6.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Paul Howarth - 1.6.0-3
+- Fix pkg-config --libs output (#1279966)
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Jun 14 2015 Paul Howarth - 1.6.0-1
+- Update to 1.6.0
+ - Added CMake build system
+ - Added libssh2_userauth_publickey_frommemory()
+ - See RELEASE-NOTES for details of bug fixes
+
+* Wed Mar 11 2015 Paul Howarth - 1.5.0-1
+- Update to 1.5.0
+ - See RELEASE-NOTES for details of bug fixes and enhancements
+ - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
+
+* Fri Oct 10 2014 Kamil Dudka 1.4.3-16
+- prevent a not-connected agent from closing STDIN (#1147717)
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1.4.3-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jul 18 2014 Tom Callaway - 1.4.3-14
+- fix license handling
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1.4.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 30 2014 Kamil Dudka 1.4.3-12
+- Fix curl's excessive memory consumption during scp download
+
+* Mon Feb 17 2014 Paul Howarth - 1.4.3-11
+- The aarch64 buildroot seems to have the same locale issue as the PPC one
+
+* Mon Feb 17 2014 Karsten Hopp 1.4.3-10
+- Next attempt to work around a self check problem on PPC*
+
+* Mon Feb 17 2014 Karsten Hopp 1.4.3-9
+- Skip self checks on ppc*
+
+* Wed Aug 14 2013 Kamil Dudka 1.4.3-8
+- Fix very slow sftp upload to localhost
+- Fix a use after free in channel.c
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.4.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 9 2013 Paul Howarth 1.4.3-6
+- Revert 'Modernize the spec file' so as to retain EL-5 spec compatibility
+
+* Tue Apr 9 2013 Richard W.M. Jones 1.4.3-5
+- Add three patches from upstream git required for qemu ssh block driver
+- Modernize the spec file:
+ * Remove BuildRoot
+ * Remove Group
+ * Remove clean section
+ * Don't need to clean up buildroot before installing
+
+* Wed Apr 3 2013 Paul Howarth 1.4.3-4
+- Avoid polluting libssh2.pc with linker options (#947813)
+
+* Tue Mar 26 2013 Kamil Dudka 1.4.3-3
+- Avoid collisions between 32-bit and 64-bit builds running on a single build
+ host
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Nov 28 2012 Paul Howarth 1.4.3-1
+- Update to 1.4.3
+ - compression: add support for zlib@openssh.com
+ - sftp_read: return error if a too large package arrives
+ - libssh2_hostkey_hash.3: update the description of return value
+ - Fixed MSVC NMakefile
+ - examples: use stderr for messages, stdout for data
+ - openssl: do not leak memory when handling errors
+ - improved handling of disabled MD5 algorithm in OpenSSL
+ - known_hosts: Fail when parsing unknown keys in known_hosts file
+ - configure: gcrypt doesn't come with pkg-config support
+ - session_free: wrong variable used for keeping state
+ - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
+ - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
+- Drop upstreamed patches
+
+* Wed Nov 07 2012 Kamil Dudka 1.4.2-4
+- examples: use stderr for messages, stdout for data (upstream commit b31e35ab)
+- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb)
+
+* Wed Sep 26 2012 Kamil Dudka 1.4.2-3
+- Fix basic functionality of libssh2 in FIPS mode
+- Skip SELinux-related quirks on recent distros to prevent a test-suite failure
+
+* Thu Jul 19 2012 Fedora Release Engineering - 1.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun May 20 2012 Paul Howarth 1.4.2-1
+- Update to 1.4.2
+ - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
+ - userauth.c: fread() from public key file to correctly detect any errors
+ - configure.ac: add option to disable build of the example applications
+ - added 'Requires.private:' line to libssh2.pc
+ - SFTP: filter off incoming "zombie" responses
+ - gettimeofday: no need for a replacement under cygwin
+ - SSH_MSG_CHANNEL_REQUEST: default to want_reply
+ - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB
+
+* Fri Apr 27 2012 Paul Howarth 1.4.1-2
+- Fix multi-arch conflict again (#816969)
+
+* Thu Apr 5 2012 Paul Howarth 1.4.1-1
+- Update to 1.4.1
+ - Build error with gcrypt backend
+ - Always do "forced" window updates to avoid corner case stalls
+ - aes: the init function fails when OpenSSL has AES support
+ - transport_send: finish in-progress key exchange before sending data
+ - channel_write: acknowledge transport errors
+ - examples/x11.c: make sure sizeof passed to read operation is correct
+ - examples/x11.c: fix suspicious sizeof usage
+ - sftp_packet_add: verify the packet before accepting it
+ - SFTP: preserve the original error code more
+ - sftp_packet_read: adjust window size as necessary
+ - Use safer snprintf rather then sprintf in several places
+ - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
+ - sftp_write: cannot return acked data *and* EAGAIN
+ - sftp_read: avoid data *and* EAGAIN
+ - libssh2.h: add missing prototype for libssh2_session_banner_set()
+- Drop upstream patches now included in release tarball
+
+* Mon Mar 19 2012 Kamil Dudka 1.4.0-4
+- Don't ignore transport errors when writing to channel (#804150)
+
+* Sun Mar 18 2012 Paul Howarth 1.4.0-3
+- Don't try to use openssl's AES-CTR functions
+ (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
+
+* Fri Mar 16 2012 Paul Howarth 1.4.0-2
+- fix libssh2 failing key re-exchange when write channel is saturated (#804156)
+- drop %%defattr, redundant since rpm 4.4
+
+* Wed Feb 1 2012 Paul Howarth 1.4.0-1
+- update to 1.4.0
+ - added libssh2_session_supported_algs()
+ - added libssh2_session_banner_get()
+ - added libssh2_sftp_get_channel()
+ - libssh2.h: bump the default window size to 256K
+ - sftp-seek: clear EOF flag
+ - userauth: provide more informations if ssh pub key extraction fails
+ - ssh2_exec: skip error outputs for EAGAIN
+ - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
+ - knownhost_check(): don't dereference ext if NULL is passed
+ - knownhost_add: avoid dereferencing uninitialized memory on error path
+ - OpenSSL EVP: fix threaded use of structs
+ - _libssh2_channel_read: react on errors from receive_window_adjust
+ - sftp_read: cap the read ahead maximum amount
+ - _libssh2_channel_read: fix non-blocking window adjusting
+- add upstream patch fixing undefined function reference in libgcrypt backend
+- BR: /usr/bin/man for test suite
+
+* Sun Jan 15 2012 Peter Robinson 1.3.0-4
+- skip the ssh test on ARM too
+
+* Fri Jan 13 2012 Paul Howarth 1.3.0-3
+- make docs package noarch where possible
+- example includes arch-specific bits, so move to devel package
+- use patch rather than scripted iconv to fix character encoding
+- don't make assumptions about SELinux context types used for the ssh server
+ in the test suite
+- skip the ssh test if /dev/tty isn't present, as in some versions of mock
+- make the %%files list more explicit
+- use tabs for indentation
+
+* Fri Jan 13 2012 Fedora Release Engineering 1.3.0-2
+- rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Sep 08 2011 Kamil Dudka 1.3.0-1
+- update to 1.3.0
+
+* Sat Jun 25 2011 Dennis Gilmore 1.2.7-2
+- sshd/loopback test fails in the sparc buildsystem
+
+* Tue Oct 12 2010 Kamil Dudka 1.2.7-1
+- update to 1.2.7 (#632916)
+- avoid multilib conflict on libssh2-docs
+- avoid build failure in mock with SELinux in the enforcing mode (#558964)
+
+* Fri Mar 12 2010 Chris Weyl 1.2.4-1
+- update to 1.2.4
+- drop old patch0
+- be more aggressive about keeping .deps from intruding into -docs
+
+* Wed Jan 20 2010 Chris Weyl 1.2.2-5
+- pkgconfig dep should be with -devel, not -docs
+
+* Mon Jan 18 2010 Chris Weyl 1.2.2-4
+- enable tests; conditionalize sshd test, which fails with a funky SElinux
+ error when run locally
+
+* Mon Jan 18 2010 Chris Weyl 1.2.2-3
+- patch w/1aba38cd7d2658146675ce1737e5090f879f306; not yet in a GA release
+
+* Thu Jan 14 2010 Chris Weyl 1.2.2-2
+- correct bad file entry under -devel
+
+* Thu Jan 14 2010 Chris Weyl 1.2.2-1
+- update to 1.2.2
+- drop old patch now in upstream
+- add new pkgconfig file to -devel
+
+* Mon Sep 21 2009 Chris Weyl 1.2-2
+- patch based on 683aa0f6b52fb1014873c961709102b5006372fc
+- disable tests (*sigh*)
+
+* Tue Aug 25 2009 Chris Weyl 1.2-1
+- update to 1.2
+
+* Fri Aug 21 2009 Tomas Mraz - 1.0-4
+- rebuilt with new openssl
+
+* Sat Jul 25 2009 Fedora Release Engineering - 1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering - 1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb 16 2009 Chris Weyl 1.0-1
+- update to 1.0
+
+* Sat Jan 17 2009 Tomas Mraz - 0.18-8
+- rebuild with new openssl
+
+* Mon Feb 18 2008 Fedora Release Engineering - 0.18-7
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Chris Weyl 0.18-6
+- rebuild for new openssl...
+
+* Tue Nov 27 2007 Chris Weyl 0.18-5
+- bump
+
+* Tue Nov 27 2007 Chris Weyl 0.18-4
+- add INSTALL arg to make install vs env. var
+
+* Mon Nov 26 2007 Chris Weyl 0.18-3
+- run tests; don't package test
+
+* Sun Nov 18 2007 Chris Weyl 0.18-2
+- split docs into -docs (they seemed... large.)
+
+* Tue Nov 13 2007 Chris Weyl 0.18-1
+- update to 0.18
+
+* Sun Oct 14 2007 Chris Weyl 0.17-1
+- update to 0.17
+- many spec file changes
+
+* Wed May 23 2007 Sindre Pedersen Bjørdal - 0.15-0.2.20070506
+- Fix release tag
+- Move manpages to -devel package
+- Add Examples dir to -devel package
+
+* Sun May 06 2007 Sindre Pedersen Bjørdal - 0.15-0.20070506.1
+- Initial build
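Review bot: `URL` and `Source0` use plain `http://` and `%prep` performs no upstream signature check, so the integrity of the tarball rests entirely on the SHA-1 digest recorded in `.libssh2.metadata`. Switching both to `https://` and, if upstream publishes a detached signature, shipping it with the keyring as additional sources and verifying it before `%setup` would add an independent check. The patch list jumps from Patch4 to Patch7 without explanation; a line such as `# Patch5 and Patch6 intentionally unused: <reason>` lets an auditor confirm that no fix from this batch was dropped by accident. The comment above `%patch14` cites #1489733 while the changelog and the patch header cite 1489736, so one of the two bug numbers looks like a typo.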