Accepting request 939263 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/939263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libssh2_org?expand=0&rev=42
Dominique Leuenberger 2021-12-12 20:27:19 +00:00 committed by Git OBS Bridge
commit befa0231df
8 changed files with 80 additions and 159 deletions

3
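--- a/libssh2-1.10.0.tar.gz
+++ b/libssh2-1.10.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51
+size 965044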

11
libssh2-1.10.0.tar.gz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmEr8DkACgkQXMkI/bce
EsIVWAgAnukavrtNIUkCCaXT7XBn8I4zLhXrfHted+Hq/c5wXi05cm1p1F2q7dun
aoiwayYydw2PglbZPRrC75dhQS1aIHg+0ZyjdpoyJEPmXuy3oYHSYqIs5ac9/JGF
/+/aumQwqLfSxBSo2Sa4si9aQblu9atdOWMnhOFT+kuu/FyfWrFv1ru3+NgefX2y
X+wbNOKl4KfAxJsAcNw48BbTooZVwBMYbKph2Nm+GzZ1H6biM6+BBlJjybTX3fHZ
6g+KBJrB/uP7Fy/fozn1sYokGAvDIEzXBXofA9bP44ejouNopDR0dll0MVUHnlqd
l0FCMO0pxJIGZD9se6UOkibhhYcQdQ==
=eKk3
-----END PGP SIGNATURE-----


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
size 888551


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl0LJYMACgkQXMkI/bce
EsLN6Af9G7wRkmiJre8ocUpeWwNILaHr7N7IN+K4SkFFA8uxhf19ur73TX93twQk
Ft2N0biO3RxzL8Q6eMeLsxKCf1SKcW2M1taZfXSYq95+pWzSqtNasMZX/e6dTj9S
0V50nutZHCQFIAmRB9XF34xuHqIphEkt9ohWSzZv2XFpJwk/MQ03AL/vBWCGycns
dsITO7RRxmi9ymO4sDTlAGFxt/3CeoVEhaZ2UaBsKJWvxOFKKrw7/K44rAdx6SJQ
rX4ScKgkpuJX0bcJReGKwWcBzRkD4uHwD5HRLv6zfRDWxUQ+o3Ziq3FRgHbRCjnQ
6gN1teEjRkN+F80T+27aUDs/LcBKGg==
=cd3b
-----END PGP SIGNATURE-----


@ -9,11 +9,11 @@ Subject: [PATCH] Use O_CLOEXEC where needed
src/userauth.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
Index: libssh2-1.9.0/src/agent.c
Index: libssh2-1.10.0/src/agent.c
===================================================================
--- libssh2-1.9.0.orig/src/agent.c
+++ libssh2-1.9.0/src/agent.c
@@ -157,7 +157,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
--- libssh2-1.10.0.orig/src/agent.c
+++ libssh2-1.10.0/src/agent.c
@@ -109,7 +109,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
"no auth sock variable");
}
@ -22,10 +22,10 @@ Index: libssh2-1.9.0/src/agent.c
if(agent->fd < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_BAD_SOCKET,
"failed creating socket");
Index: libssh2-1.9.0/src/knownhost.c
Index: libssh2-1.10.0/src/knownhost.c
===================================================================
--- libssh2-1.9.0.orig/src/knownhost.c
+++ libssh2-1.9.0/src/knownhost.c
--- libssh2-1.10.0.orig/src/knownhost.c
+++ libssh2-1.10.0/src/knownhost.c
@@ -963,7 +963,7 @@ libssh2_knownhost_readfile(LIBSSH2_KNOWN
"Unsupported type of known-host information "
"store");
@ -44,10 +44,10 @@ Index: libssh2-1.9.0/src/knownhost.c
if(!file)
return _libssh2_error(hosts->session, LIBSSH2_ERROR_FILE,
"Failed to open file");
Index: libssh2-1.9.0/src/userauth.c
Index: libssh2-1.10.0/src/userauth.c
===================================================================
--- libssh2-1.9.0.orig/src/userauth.c
+++ libssh2-1.9.0/src/userauth.c
--- libssh2-1.10.0.orig/src/userauth.c
+++ libssh2-1.10.0/src/userauth.c
@@ -578,7 +578,7 @@ file_read_publickey(LIBSSH2_SESSION * se
_libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Loading public key file: %s",
pubkeyfile);
@ -57,11 +57,11 @@ Index: libssh2-1.9.0/src/userauth.c
if(!fd) {
return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Unable to open public key file");
Index: libssh2-1.9.0/src/libssh2_priv.h
Index: libssh2-1.10.0/src/libssh2_priv.h
===================================================================
--- libssh2-1.9.0.orig/src/libssh2_priv.h
+++ libssh2-1.9.0/src/libssh2_priv.h
@@ -1138,6 +1138,8 @@ endings either CRLF or LF so 't' is appr
--- libssh2-1.10.0.orig/src/libssh2_priv.h
+++ libssh2-1.10.0/src/libssh2_priv.h
@@ -1149,6 +1149,8 @@ endings either CRLF or LF so 't' is appr
#define FOPEN_READTEXT "r"
#define FOPEN_WRITETEXT "w"
#define FOPEN_APPENDTEXT "a"
@ -69,4 +69,4 @@ Index: libssh2-1.9.0/src/libssh2_priv.h
+#define FOPEN_WRITETEXT_CLOEXEC "we"
#endif
#endif /* LIBSSH2_H */
#endif /* __LIBSSH2_PRIV_H */
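Review bot: The refresh of this patch looks partial: the inner hunk headers for src/agent.c and src/libssh2_priv.h were updated (`@@ -109,7 +109,7 @@`, `@@ -1149,6 +1149,8 @@`), but those for src/knownhost.c (`@@ -963,7 +963,7 @@`) and src/userauth.c (`@@ -578,7 +578,7 @@`) are carried over unchanged from the 1.9.0 version, so those two hunks presumably apply to 1.10.0 only by offset. Judging by its subject ("Use O_CLOEXEC where needed"), the patch exists to keep the agent socket and the known-hosts and public-key file handles from being inherited across exec, and a hunk that lands on the wrong call site would leave a descriptor inheritable without failing the build. I would regenerate the patch against the 1.10.0 tree (for example with `quilt refresh`) and check the %prep log for offset or fuzz messages on `%patch0`. The changed lines of the inner hunks are not shown in this section, so this rests only on the visible headers and context.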


@ -1,124 +0,0 @@
From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Fri, 30 Aug 2019 09:57:38 -0700
Subject: [PATCH] packet.c: improve message parsing (#402)
* packet.c: improve parsing of packets
file: packet.c
notes:
Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
---
src/packet.c | 68 ++++++++++++++++++++++------------------------------
1 file changed, 29 insertions(+), 39 deletions(-)
diff --git a/src/packet.c b/src/packet.c
index 38ab6294..2e01bfc5 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
size_t datalen, int macstate)
{
int rc = 0;
- char *message = NULL;
- char *language = NULL;
+ unsigned char *message = NULL;
+ unsigned char *language = NULL;
size_t message_len = 0;
size_t language_len = 0;
LIBSSH2_CHANNEL *channelp = NULL;
@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
case SSH_MSG_DISCONNECT:
if(datalen >= 5) {
- size_t reason = _libssh2_ntohu32(data + 1);
+ uint32_t reason = 0;
+ struct string_buf buf;
+ buf.data = (unsigned char *)data;
+ buf.dataptr = buf.data;
+ buf.len = datalen;
+ buf.dataptr++; /* advance past type */
- if(datalen >= 9) {
- message_len = _libssh2_ntohu32(data + 5);
+ _libssh2_get_u32(&buf, &reason);
+ _libssh2_get_string(&buf, &message, &message_len);
+ _libssh2_get_string(&buf, &language, &language_len);
- if(message_len < datalen-13) {
- /* 9 = packet_type(1) + reason(4) + message_len(4) */
- message = (char *) data + 9;
-
- language_len =
- _libssh2_ntohu32(data + 9 + message_len);
- language = (char *) data + 9 + message_len + 4;
-
- if(language_len > (datalen-13-message_len)) {
- /* bad input, clear info */
- language = message = NULL;
- language_len = message_len = 0;
- }
- }
- else
- /* bad size, clear it */
- message_len = 0;
- }
if(session->ssh_msg_disconnect) {
- LIBSSH2_DISCONNECT(session, reason, message,
- message_len, language, language_len);
+ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
+ message_len, (const char *)language,
+ language_len);
}
+
_libssh2_debug(session, LIBSSH2_TRACE_TRANS,
"Disconnect(%d): %s(%s)", reason,
message, language);
@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
int always_display = data[1];
if(datalen >= 6) {
- message_len = _libssh2_ntohu32(data + 2);
-
- if(message_len <= (datalen - 10)) {
- /* 6 = packet_type(1) + display(1) + message_len(4) */
- message = (char *) data + 6;
- language_len = _libssh2_ntohu32(data + 6 +
- message_len);
-
- if(language_len <= (datalen - 10 - message_len))
- language = (char *) data + 10 + message_len;
- }
+ struct string_buf buf;
+ buf.data = (unsigned char *)data;
+ buf.dataptr = buf.data;
+ buf.len = datalen;
+ buf.dataptr += 2; /* advance past type & always display */
+
+ _libssh2_get_string(&buf, &message, &message_len);
+ _libssh2_get_string(&buf, &language, &language_len);
}
if(session->ssh_msg_debug) {
- LIBSSH2_DEBUG(session, always_display, message,
- message_len, language, language_len);
+ LIBSSH2_DEBUG(session, always_display,
+ (const char *)message,
+ message_len, (const char *)language,
+ language_len);
}
}
+
/*
* _libssh2_debug will actually truncate this for us so
* that it's not an inordinate about of data
@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
uint32_t len = 0;
unsigned char want_reply = 0;
len = _libssh2_ntohu32(data + 1);
- if(datalen >= (6 + len)) {
+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
want_reply = data[5 + len];
_libssh2_debug(session,
LIBSSH2_TRACE_CONN,


@ -1,3 +1,52 @@
-------------------------------------------------------------------
Fri Dec 10 14:41:20 UTC 2021 - David Anes <david.anes@suse.com>
- Bump to version 1.10.0
Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
- Rebased patch libssh2-ocloexec.path
- Removed patch libssh2_org-CVE-2019-17498.patch: the security fix
is already included in the latest version.
-------------------------------------------------------------------
Thu Aug 27 12:47:32 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>


@ -1,7 +1,7 @@
#
# spec file for package libssh2_org
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%define pkg_name libssh2
Name: libssh2_org
Version: 1.9.0
Version: 1.10.0
Release: 0
Summary: A library implementing the SSH2 protocol
License: BSD-3-Clause
@ -29,8 +29,6 @@ Source1: https://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.a
Source2: baselibs.conf
Source3: libssh2_org.keyring
Patch0: libssh2-ocloexec.patch
# PATCH-FIX-UPSTREAM bsc#1154862 CVE-2019-17498
Patch1: libssh2_org-CVE-2019-17498.patch
BuildRequires: libtool
BuildRequires: openssl-devel
BuildRequires: pkgconfig
@ -69,11 +67,9 @@ SECSH-PUBLICKEY.
%prep
%setup -q -n %{pkg_name}-%{version}
%patch0 -p1
%patch1 -p1
%build
sed -i -e 's@AM_CONFIG_HEADER@AC_CONFIG_HEADERS@g' configure.ac
cp src/libssh2_config.h.in example/libssh2_config.h
# remove m4 macro files for libtool as they should be picked up by
rm -v m4/libtool.m4 m4/lt*
autoreconf -fiv