Updating link to change in openSUSE:Factory/libssh revision 72

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=6fe093b9fc4672845f0657dbf546ea06

libssh-0.10.5.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b60e2ff7f367b9eee2b5634d3a63303ddfede0e6a18dfca88c44a8770e7e4234
-size 557776

libssh-0.10.5.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmRTm30ACgkQfuD8TcwB
-Tj0TBQ/+MS5qNXgV8I/3s0k6jpzTsEMdozOZ7RYiJg9i9UzCGsIuJ0aiMl+G1aFH
-UJOkLlHgGXTSCeZk4aoSTky2jEOezcFgsi0v9j8nmxRTjlDDAY0KxOoA//wc5nQ0
-fgQKUbX0SrtIbe9qpffoGBjaEap2ICAiM7a5PJ+Js0RQ944TqmkWmhGP/2XhxsF9
-0TJ6e4ilSg/mTBV5GemLTRSc+MgFoh5jJiV1+zmkOw5bBvPx7/KgsdmhoZ63prFI
-8LvfChEEx50lyTXC8eLW4uSvO5tMHyAwDNBJcKOccp5yqEr147S1pZL8iNS0C2EF
-/vG7zRDa3dv81xJjuPVdO40/GE77omp1IWC3i4ZskaAocGOmHo7KSwJ/7MjtAuJT
-QgqeTPHjENRYbB6FvyesHpWzesORFIxQtCMxugVpEPcc3WLIRNLvJGa7rofAGJJf
-u5uLyzmBuyAWm5gpPMyLRy2ysAgBi7NVusnAuR4v28r8YYpGrwTG+epJ1fV6MKWV
-tlV8aCY51H7WVmDNJlwyJOwEZWzRdi9n3e22hEm79+cj3WKY3uwYwJI4s0CgcsUw
-OzEZt97Yy+pSvdOokgNHRz0tGoDXZw55PF4+mcyvXSQfZJ2QCL7q7dJ/7DmibGgY
-LtsN5bSfzXgEBqpty/sD5HSSt1/fNICJjfuiTKtjKXMD45wBUkE=
-=IAN/
------END PGP SIGNATURE-----

libssh-0.10.6.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmWAeGkACgkQfuD8TcwB
+Tj2yAw//QOMEcCiijJvOgXCKsVoV9oSuK3aYxqpOS9cV2P40eev0KQrAZC2EXNt3
+XAdfNhA21b2C6qSxckmkCWg3vwPmM6LousHG+zpyZkiSziolMoeBkvbEdU42fufE
+SD39cA1bBEbZahyrILWT2I3Bi0d0G7FC13tIBXShS2zIITSXs/2SSRIhg3OXB979
+FTwvEE4zHeSXO4itTMNA/sMJ/0qPccQIzisH0g/TF4318b0qjlQjkHJS1y0f3/PL
+Ge3RORQVcZqGTnhJNlF/tKD8wZ9mfqqurQ9yNshiAu8hH8sDH5ZhI3o5pjQe0mGO
+JNEwTw0X/vZ4iglWFmm2CusiHrh0KUFsrp8f3oaL3HU4i7yYgo0FhzFtgFVt0gXO
+JQOhlSUq50yqbBj6S9C5ecuSR0uPgYA4d8qCFrt9oD77m7Qi3mMi+f/kP+HctIaV
+4ro7lZf6IS54J4/m5hRY3F0nweFnZZL8gn8Da8mBZSvhXCqQL6qbD9buwrTzxGft
+Fct7+PrRwz9igO7j2nNMyWxtX55/GpX06n7vuonRgQQQiT8eQ5R71STMHJaACFPS
+CJHCpuVL28HGdyAxN5d65TCvkNo9/gFGM6ocIH3OlreTFUvy22qNrqwHpCkLgYWU
+ylntVoE/VYtHtwFOe0uuCX+2TiM03P5UT2NqAAa/8D4Z5ur3qUY=
+=nXW5
+-----END PGP SIGNATURE-----

libssh-fix-ipv6-hostname-regression.patch

@@ -0,0 +1,265 @@
+From 66ac6343b246458a6645ae32f75556a1407031ec Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 22 Dec 2023 10:32:40 +0100
+Subject: [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ include/libssh/config_parser.h | 11 ++++++++---
+ src/config.c                   |  4 ++--
+ src/config_parser.c            | 19 ++++++++++++++-----
+ src/options.c                  | 10 ++--------
+ 4 files changed, 26 insertions(+), 18 deletions(-)
+
+diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
+index a7dd42a2c..ca353432b 100644
+--- a/include/libssh/config_parser.h
++++ b/include/libssh/config_parser.h
+@@ -30,6 +30,8 @@
+ extern "C" {
+ #endif
+ 
++#include <stdbool.h>
++
+ char *ssh_config_get_cmd(char **str);
+ 
+ char *ssh_config_get_token(char **str);
+@@ -49,14 +51,17 @@ int ssh_config_get_yesno(char **str, int notfound);
+  *                       be stored or NULL if we do not care about the result.
+  * @param[out]  port     Pointer to the location, where the new port will
+  *                       be stored or NULL if we do not care about the result.
++ * @param[in]   ignore_port Set to true if the we should not attempt to parse
++ *                       port number.
+  *
+  * @returns     SSH_OK if the provided string is in format of SSH URI,
+  *              SSH_ERROR on failure
+  */
+ int ssh_config_parse_uri(const char *tok,
+-        char **username,
+-        char **hostname,
+-        char **port);
++                         char **username,
++                         char **hostname,
++                         char **port,
++                         bool ignore_port);
+ 
+ #ifdef __cplusplus
+ }
+diff --git a/src/config.c b/src/config.c
+index 5eedbce96..7135c3b19 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+         }
+         if (parse_entry) {
+             /* We actually care only about the first item */
+-            rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
++            rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
+             /* The rest of the list needs to be passed on */
+             if (endp != NULL) {
+                 next = strdup(endp + 1);
+@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+             }
+         } else {
+             /* The rest is just sanity-checked to avoid failures later */
+-            rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
++            rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
+         }
+         if (rv != SSH_OK) {
+             goto out;
+diff --git a/src/config_parser.c b/src/config_parser.c
+index 9ffc8b8b0..b30e94091 100644
+--- a/src/config_parser.c
++++ b/src/config_parser.c
+@@ -161,10 +161,14 @@ int ssh_config_get_yesno(char **str, int notfound)
+     return notfound;
+ }
+ 
++/* Parse the URI extracting parts such as a username, hostname and port.
++ * If the port is NULL, do not expect port present and be more lax for example
++ * with matching IPv6 address which have the same separators as host:port */
+ int ssh_config_parse_uri(const char *tok,
+-        char **username,
+-        char **hostname,
+-        char **port)
++                         char **username,
++                         char **hostname,
++                         char **port,
++                         bool ignore_port)
+ {
+     char *endp = NULL;
+     long port_n;
+@@ -210,12 +214,17 @@ int ssh_config_parse_uri(const char *tok,
+         if (endp == NULL) {
+             goto error;
+         }
+-    } else {
+-        /* Hostnames or aliases expand to the last colon or to the end */
++    } else if (!ignore_port) {
++        /* Hostnames or aliases expand to the last colon (if port is requested)
++         * or to the end */
+         endp = strrchr(tok, ':');
+         if (endp == NULL) {
+             endp = strchr(tok, '\0');
+         }
++    } else {
++        /* If no port is requested, expand to the end of line
++         * (to accommodate the IPv6 addresses) */
++        endp = strchr(tok, '\0');
+     }
+     if (tok == endp) {
+         /* Zero-length hostnames are not valid */
+diff --git a/src/options.c b/src/options.c
+index 2e73be462..676c49e7a 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -634,17 +634,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
+                 ssh_set_error_invalid(session);
+                 return -1;
+             } else {
+-                char *username = NULL, *hostname = NULL, *port = NULL;
+-                rc = ssh_config_parse_uri(value, &username, &hostname, &port);
++                char *username = NULL, *hostname = NULL;
++                rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
+                 if (rc != SSH_OK) {
+                     return -1;
+                 }
+-                if (port != NULL) {
+-                    SAFE_FREE(username);
+-                    SAFE_FREE(hostname);
+-                    SAFE_FREE(port);
+-                    return -1;
+-                }
+                 if (username != NULL) {
+                     SAFE_FREE(session->opts.username);
+                     session->opts.username = username;
+-- 
+GitLab
+
+
+From f2ec751f09901b9c539ae096f5ee4fc63f305f30 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 22 Dec 2023 09:52:18 +0100
+Subject: [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as
+ hostnames
+
+This was an issue in cockpit:
+
+https://github.com/cockpit-project/cockpit/issues/19772
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/unittests/torture_config.c  | 49 +++++++++++++++++++++++++++++++
+ tests/unittests/torture_options.c | 16 ++++++++++
+ 2 files changed, 65 insertions(+)
+
+diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
+index bc6b08f94..751aa126c 100644
+--- a/tests/unittests/torture_config.c
++++ b/tests/unittests/torture_config.c
+@@ -2332,6 +2332,53 @@ static void torture_config_make_absolute_no_sshdir(void **state)
+     torture_config_make_absolute_int(state, 1);
+ }
+ 
++static void torture_config_parse_uri(void **state)
++{
++    char *username = NULL;
++    char *hostname = NULL;
++    char *port = NULL;
++    int rc;
++
++    (void)state; /* unused */
++
++    rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false);
++    assert_return_code(rc, errno);
++    assert_null(username);
++    assert_string_equal(hostname, "localhost");
++    SAFE_FREE(hostname);
++    assert_null(port);
++
++    rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false);
++    assert_return_code(rc, errno);
++    assert_null(username);
++    assert_string_equal(hostname, "1.2.3.4");
++    SAFE_FREE(hostname);
++    assert_null(port);
++
++    rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false);
++    assert_return_code(rc, errno);
++    assert_null(username);
++    assert_string_equal(hostname, "1.2.3.4");
++    SAFE_FREE(hostname);
++    assert_string_equal(port, "2222");
++    SAFE_FREE(port);
++
++    rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false);
++    assert_return_code(rc, errno);
++    assert_null(username);
++    assert_string_equal(hostname, "1:2:3::4");
++    SAFE_FREE(hostname);
++    assert_string_equal(port, "2222");
++    SAFE_FREE(port);
++
++    /* do not want port */
++    rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true);
++    assert_return_code(rc, errno);
++    assert_null(username);
++    assert_string_equal(hostname, "1:2:3::4");
++    SAFE_FREE(hostname);
++}
++
+ int torture_run_tests(void)
+ {
+     int rc;
+@@ -2424,6 +2471,8 @@ int torture_run_tests(void)
+                                         setup, teardown),
+         cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir,
+                                         setup_no_sshdir, teardown),
++        cmocka_unit_test_setup_teardown(torture_config_parse_uri,
++                                        setup, teardown),
+     };
+ 
+ 
+diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
+index 5ba3bdc6a..b07712d86 100644
+--- a/tests/unittests/torture_options.c
++++ b/tests/unittests/torture_options.c
+@@ -57,6 +57,20 @@ static void torture_options_set_host(void **state) {
+     assert_non_null(session->opts.host);
+     assert_string_equal(session->opts.host, "localhost");
+ 
++    /* IPv4 address */
++    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1");
++    assert_true(rc == 0);
++    assert_non_null(session->opts.host);
++    assert_string_equal(session->opts.host, "127.1.1.1");
++    assert_null(session->opts.username);
++
++    /* IPv6 address */
++    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1");
++    assert_true(rc == 0);
++    assert_non_null(session->opts.host);
++    assert_string_equal(session->opts.host, "::1");
++    assert_null(session->opts.username);
++
+     rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
+     assert_true(rc == 0);
+     assert_non_null(session->opts.host);
+@@ -64,12 +78,14 @@ static void torture_options_set_host(void **state) {
+     assert_non_null(session->opts.username);
+     assert_string_equal(session->opts.username, "guru");
+ 
++    /* more @ in uri is OK -- it should go to the username */
+     rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
+     assert_true(rc == 0);
+     assert_non_null(session->opts.host);
+     assert_string_equal(session->opts.host, "hostname");
+     assert_non_null(session->opts.username);
+     assert_string_equal(session->opts.username, "at@login");
++
+ }
+ 
+ static void torture_options_set_ciphers(void **state) {
+-- 
+GitLab
+

libssh.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sat Dec 23 10:35:07 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
+
+- Fix regression parsing IPv6 addresses provided as hostname
+  * Added libssh-fix-ipv6-hostname-regression.patch
+
+-------------------------------------------------------------------
+Tue Dec 19 12:28:53 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
+
+- Update to version 0.10.6
+  https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
+- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
+- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
+- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)
+
 -------------------------------------------------------------------
 Mon Sep 25 09:09:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

libssh.spec

@@ -30,7 +30,7 @@
 %bcond_with test
 %endif
 Name:           libssh%{pkg_suffix}
-Version:        0.10.5
+Version:        0.10.6
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1-or-later
@@ -43,6 +43,7 @@ Source3:        libssh_client.config
 Source4:        libssh_server.config
 Source99:       baselibs.conf
 Patch0:         0001-disable-timeout-test-on-slow-buildsystems.patch
+Patch1:         https://gitlab.com/libssh/libssh-mirror/-/merge_requests/431.patch#/libssh-fix-ipv6-hostname-regression.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  krb5-devel