Update to Factory level

Update to 0.11.3
2026-02-13 09:31:29 +01:00 · 2025-10-27 10:20:14 +01:00
7 changed files with 52 additions and 370 deletions
--- a/libssh-0.11.2.tar.xz
+++ b/libssh-0.11.2.tar.xz
--- a/libssh-0.11.2.tar.xz.asc
+++ b/libssh-0.11.2.tar.xz.asc
@@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEiKIo2JsHwsd9DHgJA9XfjP3T6OcFAmhaqdkACgkQA9XfjP3T
 6Oe5xA/+LkbLEPKgNRKMFbXZX2UIyotnFUbZ2o0bujswAxGPqY2paYDHuA5njjKD
 b9I7WGKstrlywyDr3c+fBSak4uRkLgV7vb6GfjSTXwUoqCwXkUqjVMSO58iSnblZ
 gjuRglsL0dgTd6jF+LCGqD5JMDNk2spvK0xD/8i53MCqaLv2ysevR1Q2osaw8Hca
 AM3kHoCRK1TR2gDMLDoX9zSh0UrbHj7o5yG7KBTFoXJsJeR6OtTir72RVTuro8v7
 8rT1nWbEcgIk/W9+5k7fVuIZc7w1wHqkX8Rj3aubKsLLPPRRJ0Yy7eCRJ26i3d5J
 51NlmkjrXzmAVd80DOfcd8Ux4I3p85QFXqkgd3J5TgzeV1r0/xJ0Qer612pSPTXq
 7UPZmyD914ak0EUdiBmud9OIKNmS+szAW2gAtz3Es59aK3LrLO/wgSi09Jq0wqfZ
 yyvG4/a9dkHaNk0+cSy5YsL0truGCoIPYfKe5ESy5OdzYSYbCdymS8cQRVH3t0is
 inVV5PbfymbPtscYAliTOMhSYL6VktRBOf5kFA/8EG4+SPI6ingTecc0GqOMPhVu
 gYuj6G+bmschKkhHcMpbkmo7HN+sDBpdOWyPqs68RvytNWjng0x5jAFdDvA/I/6b
 ZNmiDlTUfTgsNqBLMNkQ+cx+mRzpp4L87Xvm4ZQhDl3MwxvY048=
 =aw47
 -----END PGP SIGNATURE-----
--- a/libssh-0.11.4.tar.xz
+++ b/libssh-0.11.4.tar.xz
--- a/libssh-0.11.4.tar.xz.asc
+++ b/libssh-0.11.4.tar.xz.asc
@@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEiKIo2JsHwsd9DHgJA9XfjP3T6OcFAmmK/70ACgkQA9XfjP3T
 6Od1yQ/9Gw+gAhVkj5ibOVLHrqngOEg85acL7PRpaOsCn/1ZKMXXLCVmgPM7Yxvc
 sZmkXufMCj+EEJgDayccbfj90DLl6iEl0+u+jGlR7Ck8Sy8BcA/T9xk+fD0S5mKF
 3VmgrdmdChyAKU94SzBNjhWxktbWHuPZhW7gwM8tLn3iuj7eIiCpqRjpUpNji2Bt
 0ZnHo8QT1Y7SnqTOZcPhEPJRVINwN4n1pqIQQKL8PVa+Ewk4xbQVLOThQljqJ8PR
 Fe6Te89rtpfD9Mauta4ME1gbFCzgfTen4qlZl28yPm/Yd07biwScVZHdk4m9Jtpn
 hcX74AMesfz0S9GAUlALjSedhMT6lq31L2DzdMiGekhkXQcosxykC6g+KJFhZrfY
 T8JwxzXadGBb1CXBz18rgl+EZfBiTWLZ7Z88DNvbcZIWeW8q7ZqX+yJRT8RZiUHU
 GBy/R5M0LBKPJtBRh0SmaNNBYsgej3ExyqUbMabpXyQRfk52MUNYxjUwiVZrgKj6
 z4vxEo0NtsrA4Uy6en/qZls+KzvmfB63XfccIlcfeUuEPFrS0RwPprTOidPwK934
 h6wyWC479xevYE3boGWDI/3CyBcnX8PpXPy3yjPjxGgSjKIJYJ9Y64C9figXFf9l
 AEzIao4x0tHPiDRoUfxfPd2POAQhZxgMvyTWqYhCgz8QgUFzV3Q=
 =KKhf
 -----END PGP SIGNATURE-----
--- a/libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
+++ b/libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
@@ -1,347 +0,0 @@
 From d88dbc1e0fa6dab2de359f211792c0b5c3ec7664 Mon Sep 17 00:00:00 2001
 From: Lucas Mulling <lucas.mulling@suse.com>
 Date: Mon, 17 Feb 2025 14:13:53 -0300
 Subject: [PATCH] cmake: Add option WITH_HERMETIC_USR
 Add a cmake option to enable hermetic-usr, i.e., use of config files in /usr/.
 If turned on, GLOBAL_*_CONFIG is prepended with /usr/ and defined as
 USR_GLOBAL_*_CONFIG. Config lookup follows this path GLOBAL_*_CONFIG ->
 USR_GLOBAL_*_CONFIG.
 Introduce a ssh_config_parse primitive. This avoids convoluted checks for file
 presence (without modifing the behaviour of ssh_config_parse_file) and allows
 marking whether the config is global at the call site.
 Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
 Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 ---
 CMakeLists.txt           |   8 ++-
 DefineOptions.cmake      |   6 +++
 config.h.cmake           |   2 +
 include/libssh/libssh.h  |   3 +-
 include/libssh/options.h |   1 +
 src/config.c             |  56 ++++++++++++++-------
 src/options.c            | 106 ++++++++++++++++++++++++---------------
 7 files changed, 122 insertions(+), 60 deletions(-)
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 9877cd70..9a4ea9e3 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -249,9 +249,15 @@ message(STATUS "Benchmarks: ${WITH_BENCHMARKS}")
 message(STATUS "Symbol versioning: ${WITH_SYMBOL_VERSIONING}")
 message(STATUS "Allow ABI break: ${WITH_ABI_BREAK}")
 message(STATUS "Release is final: ${WITH_FINAL}")
 +if (WITH_HERMETIC_USR)
 +    message(STATUS "User global client config: ${USR_GLOBAL_CLIENT_CONFIG}")
 +endif ()
 message(STATUS "Global client config: ${GLOBAL_CLIENT_CONFIG}")
 if (WITH_SERVER)
 -message(STATUS "Global bind config: ${GLOBAL_BIND_CONFIG}")
 +    if (WITH_HERMETIC_USR)
 +        message(STATUS "User global bind config: ${USR_GLOBAL_BIND_CONFIG}")
 +    endif ()
 +    message(STATUS "Global bind config: ${GLOBAL_BIND_CONFIG}")
 endif()
 message(STATUS "********************************************")
 diff --git a/DefineOptions.cmake b/DefineOptions.cmake
 index f1a6a244..91bb96db 100644
 --- a/DefineOptions.cmake
 +++ b/DefineOptions.cmake
@@ -27,6 +27,7 @@ option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not s
 option(WITH_EXEC "Enable libssh to execute arbitrary commands from configuration files or options (match exec, proxy commands and OpenSSH-based proxy-jumps)." ON)
 option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
 option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
 +option(WITH_HERMETIC_USR "Build with support for hermetic /usr/" OFF)
 if (WITH_ZLIB)
     set(WITH_LIBZ ON)
@@ -59,6 +60,11 @@ if (NOT GLOBAL_CLIENT_CONFIG)
   set(GLOBAL_CLIENT_CONFIG "/etc/ssh/ssh_config")
 endif (NOT GLOBAL_CLIENT_CONFIG)
 +if (WITH_HERMETIC_USR)
 +  set(USR_GLOBAL_BIND_CONFIG "/usr${GLOBAL_BIND_CONFIG}")
 +  set(USR_GLOBAL_CLIENT_CONFIG "/usr${GLOBAL_CLIENT_CONFIG}")
 +endif (WITH_HERMETIC_USR)
 +
 if (FUZZ_TESTING)
   set(WITH_INSECURE_NONE ON)
 endif (FUZZ_TESTING)
 diff --git a/config.h.cmake b/config.h.cmake
 index 8dce5273..b61ce1db 100644
 --- a/config.h.cmake
 +++ b/config.h.cmake
@@ -9,9 +9,11 @@
 #cmakedefine SOURCEDIR "${SOURCEDIR}"
 /* Global bind configuration file path */
 +#cmakedefine USR_GLOBAL_BIND_CONFIG "${USR_GLOBAL_BIND_CONFIG}"
 #cmakedefine GLOBAL_BIND_CONFIG "${GLOBAL_BIND_CONFIG}"
 /* Global client configuration file path */
 +#cmakedefine USR_GLOBAL_CLIENT_CONFIG "${USR_GLOBAL_CLIENT_CONFIG}"
 #cmakedefine GLOBAL_CLIENT_CONFIG "${GLOBAL_CLIENT_CONFIG}"
 /************************** HEADER FILES *************************/
 diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
 index 3bddb019..28fe7396 100644
 --- a/include/libssh/libssh.h
 +++ b/include/libssh/libssh.h
@@ -49,9 +49,10 @@
   #endif
 #endif
 +#include <inttypes.h>
 #include <stdarg.h>
 +#include <stdbool.h>
 #include <stdint.h>
 -#include <inttypes.h>
 #ifdef _MSC_VER
   typedef int mode_t;
 diff --git a/include/libssh/options.h b/include/libssh/options.h
 index d32e1589..63b207fa 100644
 --- a/include/libssh/options.h
 +++ b/include/libssh/options.h
@@ -25,6 +25,7 @@
 extern "C" {
 #endif
 +int ssh_config_parse(ssh_session session, FILE *fp, bool global);
 int ssh_config_parse_file(ssh_session session, const char *filename);
 int ssh_config_parse_string(ssh_session session, const char *input);
 int ssh_options_set_algo(ssh_session session,
 diff --git a/src/config.c b/src/config.c
 index b4171efd..611c0349 100644
 --- a/src/config.c
 +++ b/src/config.c
@@ -1451,45 +1451,67 @@ ssh_config_parse_line(ssh_session session,
   return 0;
 }
 -/* @brief Parse configuration file and set the options to the given session
 +/* @brief Parse configuration from a file pointer
  *
  * @params[in] session   The ssh session
 - * @params[in] filename  The path to the ssh configuration file
 + * @params[in] fp        A valid file pointer
 + * @params[in] global    Whether the config is global or not
  *
  * @returns    0 on successful parsing the configuration file, -1 on error
  */
 -int ssh_config_parse_file(ssh_session session, const char *filename)
 +int ssh_config_parse(ssh_session session, FILE *fp, bool global)
 {
     char line[MAX_LINE_SIZE] = {0};
     unsigned int count = 0;
 -    FILE *f = NULL;
     int parsing, rv;
 +
 +    parsing = 1;
 +    while (fgets(line, sizeof(line), fp)) {
 +        count++;
 +        rv = ssh_config_parse_line(session, line, count, &parsing, 0, global);
 +        if (rv < 0) {
 +            return -1;
 +        }
 +    }
 +
 +    return 0;
 +}
 +
 +/* @brief Parse configuration file and set the options to the given session
 + *
 + * @params[in] session   The ssh session
 + * @params[in] filename  The path to the ssh configuration file
 + *
 + * @returns    0 on successful parsing the configuration file, -1 on error
 + */
 +int ssh_config_parse_file(ssh_session session, const char *filename)
 +{
 +    FILE *fp = NULL;
 +    int rv;
     bool global = 0;
 -    f = fopen(filename, "r");
 -    if (f == NULL) {
 +    fp = fopen(filename, "r");
 +    if (fp == NULL) {
         return 0;
     }
     rv = strcmp(filename, GLOBAL_CLIENT_CONFIG);
 +#ifdef USR_GLOBAL_CLIENT_CONFIG
 +    if (rv != 0) {
 +        rv = strcmp(filename, USR_GLOBAL_CLIENT_CONFIG);
 +    }
 +#endif
 +
     if (rv == 0) {
         global = true;
     }
     SSH_LOG(SSH_LOG_PACKET, "Reading configuration data from %s", filename);
 -    parsing = 1;
 -    while (fgets(line, sizeof(line), f)) {
 -        count++;
 -        rv = ssh_config_parse_line(session, line, count, &parsing, 0, global);
 -        if (rv < 0) {
 -            fclose(f);
 -            return -1;
 -        }
 -    }
 +    rv = ssh_config_parse(session, fp, global);
 -    fclose(f);
 -    return 0;
 +    fclose(fp);
 +    return rv;
 }
 /* @brief Parse configuration string and set the options to the given session
 diff --git a/src/options.c b/src/options.c
 index 785296dd..6a72e0e2 100644
 --- a/src/options.c
 +++ b/src/options.c
@@ -26,6 +26,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 +#include <unistd.h>
 #ifndef _WIN32
 #include <pwd.h>
 #else
@@ -1814,6 +1815,8 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
  *
  * @param  filename     The options file to use, if NULL the default
  *                      ~/.ssh/config and /etc/ssh/ssh_config will be used.
 + *                      If complied with support for hermetic-usr,
 + *                      /usr/etc/ssh/ssh_config will be used last.
  *
  * @return 0 on success, < 0 on error.
  *
@@ -1821,48 +1824,63 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
  */
 int ssh_options_parse_config(ssh_session session, const char *filename)
 {
 -  char *expanded_filename = NULL;
 -  int r;
 +    char *expanded_filename = NULL;
 +    int r;
 +    FILE *fp = NULL;
 -  if (session == NULL) {
 -    return -1;
 -  }
 -  if (session->opts.host == NULL) {
 -    ssh_set_error_invalid(session);
 -    return -1;
 -  }
 -
 -  if (session->opts.sshdir == NULL) {
 -      r = ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL);
 -      if (r < 0) {
 -          ssh_set_error_oom(session);
 -          return -1;
 -      }
 -  }
 -
 -  /* set default filename */
 -  if (filename == NULL) {
 -    expanded_filename = ssh_path_expand_escape(session, "%d/config");
 -  } else {
 -    expanded_filename = ssh_path_expand_escape(session, filename);
 -  }
 -  if (expanded_filename == NULL) {
 -    return -1;
 -  }
 -
 -  r = ssh_config_parse_file(session, expanded_filename);
 -  if (r < 0) {
 -      goto out;
 -  }
 -  if (filename == NULL) {
 -      r = ssh_config_parse_file(session, GLOBAL_CLIENT_CONFIG);
 -  }
 -
 -  /* Do not process the default configuration as part of connection again */
 -  session->opts.config_processed = true;
 +    if (session == NULL) {
 +        return -1;
 +    }
 +    if (session->opts.host == NULL) {
 +        ssh_set_error_invalid(session);
 +        return -1;
 +    }
 +
 +    if (session->opts.sshdir == NULL) {
 +        r = ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL);
 +        if (r < 0) {
 +            ssh_set_error_oom(session);
 +            return -1;
 +        }
 +    }
 +
 +    /* set default filename */
 +    if (filename == NULL) {
 +        expanded_filename = ssh_path_expand_escape(session, "%d/config");
 +    } else {
 +        expanded_filename = ssh_path_expand_escape(session, filename);
 +    }
 +    if (expanded_filename == NULL) {
 +        return -1;
 +    }
 +
 +    r = ssh_config_parse_file(session, expanded_filename);
 +    if (r < 0) {
 +        goto out;
 +    }
 +    if (filename == NULL) {
 +        if ((fp = fopen(GLOBAL_CLIENT_CONFIG, "r")) != NULL) {
 +            filename = GLOBAL_CLIENT_CONFIG;
 +#ifdef USR_GLOBAL_CLIENT_CONFIG
 +        } else if ((fp = fopen(USR_GLOBAL_CLIENT_CONFIG, "r")) != NULL) {
 +            filename = USR_GLOBAL_CLIENT_CONFIG;
 +#endif
 +        }
 +
 +        if (fp) {
 +            SSH_LOG(SSH_LOG_PACKET,
 +                    "Reading configuration data from %s",
 +                    filename);
 +            r = ssh_config_parse(session, fp, true);
 +            fclose(fp);
 +        }
 +    }
 +
 +    /* Do not process the default configuration as part of connection again */
 +    session->opts.config_processed = true;
 out:
 -  free(expanded_filename);
 -  return r;
 +    free(expanded_filename);
 +    return r;
 }
 int ssh_options_apply(ssh_session session)
@@ -2706,7 +2724,13 @@ int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
     /* If the global default configuration hasn't been processed yet, process it
      * before the provided configuration. */
     if (!(sshbind->config_processed)) {
 -        rc = ssh_bind_config_parse_file(sshbind, GLOBAL_BIND_CONFIG);
 +        if (access(GLOBAL_BIND_CONFIG, F_OK) == 0) {
 +            rc = ssh_bind_config_parse_file(sshbind, GLOBAL_BIND_CONFIG);
 +#ifdef USR_GLOBAL_BIND_CONFIG
 +        } else {
 +            rc = ssh_bind_config_parse_file(sshbind, USR_GLOBAL_BIND_CONFIG);
 +#endif
 +        }
         if (rc != 0) {
             return rc;
         }
 -- 
 2.50.0
--- a/libssh.changes
+++ b/libssh.changes
@@ -1,3 +1,34 @@
 -------------------------------------------------------------------
 Wed Feb 11 11:28:10 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
 - Update to 0.11.4:
  * Security fixes:
    - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
      (bsc#1258049)
    - CVE-2026-0965: Possible Denial of Service when parsing unexpected
      configuration files (bsc#1258045)
    - CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
      (bsc#1258054)
    - CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
    - CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
    - libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP extensions
  * Other fixes:
    - Stability and compatibility improvements of ProxyJump
  * Remove patch upstream: libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
 -------------------------------------------------------------------
 Tue Sep  9 15:19:24 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
 - Update to 0.11.3
  * Security:
    * CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
    * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)
    * Potential UAF when send() fails during key exchange
  * Bugfixes:
    * Fix possible timeout during KEX if client sends authentication too early
    * Cleanup OpenSSL PKCS#11 provider when loaded
    * Zeroize buffers containing private key blobs during export
 -------------------------------------------------------------------
 Tue Jun 24 14:36:44 UTC 2025 - Andreas Schneider <asn@cryptomilk.org>
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libssh
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
 %endif
 Name:           libssh%{pkg_suffix}
-Version:        0.11.2
+Version:        0.11.4
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1-or-later
@@ -44,8 +44,6 @@ Source2:        https://www.libssh.org/files/0x03D5DF8CFDD3E8E7_libssh_libssh_or
 Source3:        libssh_client.config
 Source4:        libssh_server.config
 Source99:       baselibs.conf
 # PATCH-FIX-UPSTREAM: libssh tries to read config from wrong crypto-policies location (bsc#1222716)
 Patch0:         libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
 # PATCH-FIX-SUSE: fix hang in torture_channel tests (bsc#1243799)
 Patch1:         libssh-tests-Fix-an-issue-where-torture_session-request-a-SIGTERM-too-early.patch
 BuildRequires:  cmake
Author	SHA256	Message	Date
Pedro Monreal	68153e52f7	Update to Factory level	2026-02-13 09:31:29 +01:00
Pedro Monreal	4a33e180d5	Update to 0.11.3	2025-10-27 10:20:14 +01:00