From 6381976e6aadd09b413773cdef13a5b3fba5ec29c9e72da2dce669559a3a3c89 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit
Date: Wed, 31 Jan 2024 22:53:17 +0000
Subject: [PATCH] Updating link to change in openSUSE:Factory/libssh revision 72
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=6fe093b9fc4672845f0657dbf546ea06
---
 libssh-0.10.5.tar.xz | 3 -
 libssh-0.10.5.tar.xz.asc | 16 --
 libssh-0.10.6.tar.xz | 3 +
 libssh-0.10.6.tar.xz.asc | 16 ++
 libssh-fix-ipv6-hostname-regression.patch | 265 ++++++++++++++++++++++
 libssh.changes | 15 ++
 libssh.spec | 3 +-
 7 files changed, 301 insertions(+), 20 deletions(-)
 delete mode 100644 libssh-0.10.5.tar.xz
 delete mode 100644 libssh-0.10.5.tar.xz.asc
 create mode 100644 libssh-0.10.6.tar.xz
 create mode 100644 libssh-0.10.6.tar.xz.asc
 create mode 100644 libssh-fix-ipv6-hostname-regression.patch
diff --git a/libssh-0.10.5.tar.xz b/libssh-0.10.5.tar.xz
deleted file mode 100644
index 9f47892..0000000
--- a/libssh-0.10.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b60e2ff7f367b9eee2b5634d3a63303ddfede0e6a18dfca88c44a8770e7e4234
-size 557776
diff --git a/libssh-0.10.5.tar.xz.asc b/libssh-0.10.5.tar.xz.asc
deleted file mode 100644
index 8c479e6..0000000
--- a/libssh-0.10.5.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmRTm30ACgkQfuD8TcwB
-Tj0TBQ/+MS5qNXgV8I/3s0k6jpzTsEMdozOZ7RYiJg9i9UzCGsIuJ0aiMl+G1aFH
-UJOkLlHgGXTSCeZk4aoSTky2jEOezcFgsi0v9j8nmxRTjlDDAY0KxOoA//wc5nQ0
-fgQKUbX0SrtIbe9qpffoGBjaEap2ICAiM7a5PJ+Js0RQ944TqmkWmhGP/2XhxsF9
-0TJ6e4ilSg/mTBV5GemLTRSc+MgFoh5jJiV1+zmkOw5bBvPx7/KgsdmhoZ63prFI
-8LvfChEEx50lyTXC8eLW4uSvO5tMHyAwDNBJcKOccp5yqEr147S1pZL8iNS0C2EF
-/vG7zRDa3dv81xJjuPVdO40/GE77omp1IWC3i4ZskaAocGOmHo7KSwJ/7MjtAuJT
-QgqeTPHjENRYbB6FvyesHpWzesORFIxQtCMxugVpEPcc3WLIRNLvJGa7rofAGJJf
-u5uLyzmBuyAWm5gpPMyLRy2ysAgBi7NVusnAuR4v28r8YYpGrwTG+epJ1fV6MKWV
-tlV8aCY51H7WVmDNJlwyJOwEZWzRdi9n3e22hEm79+cj3WKY3uwYwJI4s0CgcsUw
-OzEZt97Yy+pSvdOokgNHRz0tGoDXZw55PF4+mcyvXSQfZJ2QCL7q7dJ/7DmibGgY
-LtsN5bSfzXgEBqpty/sD5HSSt1/fNICJjfuiTKtjKXMD45wBUkE=
-=IAN/
------END PGP SIGNATURE-----
diff --git a/libssh-0.10.6.tar.xz b/libssh-0.10.6.tar.xz
new file mode 100644
index 0000000..61de8f4
--- /dev/null
+++ b/libssh-0.10.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1
+size 561036
diff --git a/libssh-0.10.6.tar.xz.asc b/libssh-0.10.6.tar.xz.asc
new file mode 100644
index 0000000..77ff765
--- /dev/null
+++ b/libssh-0.10.6.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmWAeGkACgkQfuD8TcwB
+Tj2yAw//QOMEcCiijJvOgXCKsVoV9oSuK3aYxqpOS9cV2P40eev0KQrAZC2EXNt3
+XAdfNhA21b2C6qSxckmkCWg3vwPmM6LousHG+zpyZkiSziolMoeBkvbEdU42fufE
+SD39cA1bBEbZahyrILWT2I3Bi0d0G7FC13tIBXShS2zIITSXs/2SSRIhg3OXB979
+FTwvEE4zHeSXO4itTMNA/sMJ/0qPccQIzisH0g/TF4318b0qjlQjkHJS1y0f3/PL
+Ge3RORQVcZqGTnhJNlF/tKD8wZ9mfqqurQ9yNshiAu8hH8sDH5ZhI3o5pjQe0mGO
+JNEwTw0X/vZ4iglWFmm2CusiHrh0KUFsrp8f3oaL3HU4i7yYgo0FhzFtgFVt0gXO
+JQOhlSUq50yqbBj6S9C5ecuSR0uPgYA4d8qCFrt9oD77m7Qi3mMi+f/kP+HctIaV
+4ro7lZf6IS54J4/m5hRY3F0nweFnZZL8gn8Da8mBZSvhXCqQL6qbD9buwrTzxGft
+Fct7+PrRwz9igO7j2nNMyWxtX55/GpX06n7vuonRgQQQiT8eQ5R71STMHJaACFPS
+CJHCpuVL28HGdyAxN5d65TCvkNo9/gFGM6ocIH3OlreTFUvy22qNrqwHpCkLgYWU
+ylntVoE/VYtHtwFOe0uuCX+2TiM03P5UT2NqAAa/8D4Z5ur3qUY=
+=nXW5
+-----END PGP SIGNATURE-----
diff --git a/libssh-fix-ipv6-hostname-regression.patch b/libssh-fix-ipv6-hostname-regression.patch
new file mode 100644
index 0000000..e4d66d5
--- /dev/null
+++ b/libssh-fix-ipv6-hostname-regression.patch
@@ -0,0 +1,265 @@ +From 66ac6343b246458a6645ae32f75556a1407031ec Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 22 Dec 2023 10:32:40 +0100 +Subject: [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing + +Signed-off-by: Jakub Jelen +--- + include/libssh/config_parser.h | 11 ++++++++--- + src/config.c | 4 ++-- + src/config_parser.c | 19 ++++++++++++++----- + src/options.c | 10 ++-------- + 4 files changed, 26 insertions(+), 18 deletions(-) + +diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h +index a7dd42a2c..ca353432b 100644 +--- a/include/libssh/config_parser.h ++++ b/include/libssh/config_parser.h +@@ -30,6 +30,8 @@ + extern "C" { + #endif + ++#include ++ + char *ssh_config_get_cmd(char **str); + + char *ssh_config_get_token(char **str); +@@ -49,14 +51,17 @@ int ssh_config_get_yesno(char **str, int notfound); + * be stored or NULL if we do not care about the result. + * @param[out] port Pointer to the location, where the new port will + * be stored or NULL if we do not care about the result. ++ * @param[in] ignore_port Set to true if the we should not attempt to parse ++ * port number. 
+ * + * @returns SSH_OK if the provided string is in format of SSH URI, + * SSH_ERROR on failure + */ + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port); ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port); + + #ifdef __cplusplus + } +diff --git a/src/config.c b/src/config.c +index 5eedbce96..7135c3b19 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + if (parse_entry) { + /* We actually care only about the first item */ +- rv = ssh_config_parse_uri(cp, &username, &hostname, &port); ++ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false); + /* The rest of the list needs to be passed on */ + if (endp != NULL) { + next = strdup(endp + 1); +@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + } else { + /* The rest is just sanity-checked to avoid failures later */ +- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL); ++ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false); + } + if (rv != SSH_OK) { + goto out; +diff --git a/src/config_parser.c b/src/config_parser.c +index 9ffc8b8b0..b30e94091 100644 +--- a/src/config_parser.c ++++ b/src/config_parser.c +@@ -161,10 +161,14 @@ int ssh_config_get_yesno(char **str, int notfound) + return notfound; + } + ++/* Parse the URI extracting parts such as a username, hostname and port. 
++ * If the port is NULL, do not expect port present and be more lax for example ++ * with matching IPv6 address which have the same separators as host:port */ + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port) ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port) + { + char *endp = NULL; + long port_n; +@@ -210,12 +214,17 @@ int ssh_config_parse_uri(const char *tok, + if (endp == NULL) { + goto error; + } +- } else { +- /* Hostnames or aliases expand to the last colon or to the end */ ++ } else if (!ignore_port) { ++ /* Hostnames or aliases expand to the last colon (if port is requested) ++ * or to the end */ + endp = strrchr(tok, ':'); + if (endp == NULL) { + endp = strchr(tok, '\0'); + } ++ } else { ++ /* If no port is requested, expand to the end of line ++ * (to accommodate the IPv6 addresses) */ ++ endp = strchr(tok, '\0'); + } + if (tok == endp) { + /* Zero-length hostnames are not valid */ +diff --git a/src/options.c b/src/options.c +index 2e73be462..676c49e7a 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -634,17 +634,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, + ssh_set_error_invalid(session); + return -1; + } else { +- char *username = NULL, *hostname = NULL, *port = NULL; +- rc = ssh_config_parse_uri(value, &username, &hostname, &port); ++ char *username = NULL, *hostname = NULL; ++ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true); + if (rc != SSH_OK) { + return -1; + } +- if (port != NULL) { +- SAFE_FREE(username); +- SAFE_FREE(hostname); +- SAFE_FREE(port); +- return -1; +- } + if (username != NULL) { + SAFE_FREE(session->opts.username); + session->opts.username = username; +-- +GitLab + + +From f2ec751f09901b9c539ae096f5ee4fc63f305f30 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 22 Dec 2023 09:52:18 +0100 +Subject: [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as + hostnames + +This was an issue 
in cockpit: + +https://github.com/cockpit-project/cockpit/issues/19772 + +Signed-off-by: Jakub Jelen +--- + tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++ + tests/unittests/torture_options.c | 16 ++++++++++ + 2 files changed, 65 insertions(+) + +diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c +index bc6b08f94..751aa126c 100644 +--- a/tests/unittests/torture_config.c ++++ b/tests/unittests/torture_config.c +@@ -2332,6 +2332,53 @@ static void torture_config_make_absolute_no_sshdir(void **state) + torture_config_make_absolute_int(state, 1); + } + ++static void torture_config_parse_uri(void **state) ++{ ++ char *username = NULL; ++ char *hostname = NULL; ++ char *port = NULL; ++ int rc; ++ ++ (void)state; /* unused */ ++ ++ rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "localhost"); ++ SAFE_FREE(hostname); ++ assert_null(port); ++ ++ rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1.2.3.4"); ++ SAFE_FREE(hostname); ++ assert_null(port); ++ ++ rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1.2.3.4"); ++ SAFE_FREE(hostname); ++ assert_string_equal(port, "2222"); ++ SAFE_FREE(port); ++ ++ rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1:2:3::4"); ++ SAFE_FREE(hostname); ++ assert_string_equal(port, "2222"); ++ SAFE_FREE(port); ++ ++ /* do not want port */ ++ rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, 
"1:2:3::4"); ++ SAFE_FREE(hostname); ++} ++ + int torture_run_tests(void) + { + int rc; +@@ -2424,6 +2471,8 @@ int torture_run_tests(void) + setup, teardown), + cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir, + setup_no_sshdir, teardown), ++ cmocka_unit_test_setup_teardown(torture_config_parse_uri, ++ setup, teardown), + }; + + +diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c +index 5ba3bdc6a..b07712d86 100644 +--- a/tests/unittests/torture_options.c ++++ b/tests/unittests/torture_options.c +@@ -57,6 +57,20 @@ static void torture_options_set_host(void **state) { + assert_non_null(session->opts.host); + assert_string_equal(session->opts.host, "localhost"); + ++ /* IPv4 address */ ++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1"); ++ assert_true(rc == 0); ++ assert_non_null(session->opts.host); ++ assert_string_equal(session->opts.host, "127.1.1.1"); ++ assert_null(session->opts.username); ++ ++ /* IPv6 address */ ++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1"); ++ assert_true(rc == 0); ++ assert_non_null(session->opts.host); ++ assert_string_equal(session->opts.host, "::1"); ++ assert_null(session->opts.username); ++ + rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation"); + assert_true(rc == 0); + assert_non_null(session->opts.host); +@@ -64,12 +78,14 @@ static void torture_options_set_host(void **state) { + assert_non_null(session->opts.username); + assert_string_equal(session->opts.username, "guru"); + ++ /* more @ in uri is OK -- it should go to the username */ + rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname"); + assert_true(rc == 0); + assert_non_null(session->opts.host); + assert_string_equal(session->opts.host, "hostname"); + assert_non_null(session->opts.username); + assert_string_equal(session->opts.username, "at@login"); ++ + } + + static void torture_options_set_ciphers(void **state) { +-- +GitLab + 
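Review bot: The port-rejection guard in `ssh_options_set` (`if (port != NULL) { ... return -1; }`) is removed in the `src/options.c` part of the embedded patch without a test that pins what now happens to a host value carrying a port. With `ignore_port` set to true, the visible `src/config_parser.c` lines only change the non-bracketed branch so that the host runs to the end of the string; a value such as `example.com:22` (constructed sample) is no longer split, and a bracketed `[::1]:2222` still takes the unchanged bracket branch, so whether either is refused depends on the part of `ssh_config_parse_uri` that lies outside the hunk. Because this same update fixes CVE-2023-6004 (injection through the hostname), `torture_options_set_host` should assert the intended result for those inputs as well as for the accepted `127.1.1.1` and `::1`. The added comment above `ssh_config_parse_uri` is also inaccurate, since the behaviour keys off `ignore_port` and not off `port` being NULL (the `config.c` caller passes `NULL, NULL, NULL, false`); it could read `/* If ignore_port is true, no port is expected and the host part runs to the end of the string (bare IPv6 addresses contain colons) */`.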
diff --git a/libssh.changes b/libssh.changes
index 8276c52..c866c4f 100644
--- a/libssh.changes
+++ b/libssh.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sat Dec 23 10:35:07 UTC 2023 - Andreas Schneider
+
+- Fix regression parsing IPv6 addresses provided as hostname
+ * Added libssh-fix-ipv6-hostname-regression.patch
+
+-------------------------------------------------------------------
+Tue Dec 19 12:28:53 UTC 2023 - Andreas Schneider
+
+- Update to version 0.10.6
+ https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
+- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
+- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
+- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)
+
 -------------------------------------------------------------------
 Mon Sep 25 09:09:25 UTC 2023 - Pedro Monreal
 
diff --git a/libssh.spec b/libssh.spec
index 6173610..88179e2 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -30,7 +30,7 @@
 %bcond_with test
 %endif
 Name: libssh%{pkg_suffix}
-Version: 0.10.5
+Version: 0.10.6
 Release: 0
 Summary: The SSH library
 License: LGPL-2.1-or-later
@@ -43,6 +43,7 @@ Source3: libssh_client.config
 Source4: libssh_server.config
 Source99: baselibs.conf
 Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
+Patch1: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/431.patch#/libssh-fix-ipv6-hostname-regression.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: krb5-devel
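Review bot: The `Patch1:` line in the second `libssh.spec` hunk points at a merge-request URL (`.../merge_requests/431.patch`), whose content follows the merge request as it is updated, so the URL does not identify the patch file committed here. Unlike the tarball, which ships with a detached `.asc` signature, the patch has no integrity anchor besides this repository's history. A comment above the line naming the two upstream commits shown in the patch header, for example `# upstream commits 66ac6343b246 and f2ec751f0990 (libssh-mirror MR 431)`, would let a later reviewer confirm what was applied. Whether the patch is actually applied during `%prep` cannot be seen from this hunk, since no `%patch` or `%autosetup` line is shown.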