diff --git a/CVE-2020-16135-1.patch b/CVE-2020-16135-1.patch
deleted file mode 100644
index a61c5103c7c90aac6f2e313cafe30e948e3b79f3..0000000000000000000000000000000000000000
--- a/CVE-2020-16135-1.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 72ca8cc3eceb732c777dfd66e1441f0b34c655a8 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider
-Date: Wed, 3 Jun 2020 10:04:09 +0200
-Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()
-
-Thanks to Ramin Farajpour Cami for spotting this.
-
-Fixes T232
-
-Signed-off-by: Andreas Schneider
-Reviewed-by: Anderson Toshiyuki Sasaki
-Reviewed-by: Jakub Jelen
----
- src/sftpserver.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index 5a2110e..b639a2c 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
-
- /* take a copy of the whole packet */
- msg->complete_message = ssh_buffer_new();
-+ if (msg->complete_message == NULL) {
-+ ssh_set_error_oom(session);
-+ sftp_client_message_free(msg);
-+ return NULL;
-+ }
-+
- ssh_buffer_add_data(msg->complete_message,
- ssh_buffer_get(payload),
- ssh_buffer_get_len(payload));
----
-2.23.0
-
diff --git a/CVE-2020-16135-2.patch b/CVE-2020-16135-2.patch
deleted file mode 100644
index 2da3e120423d046c47b1beefb891c5b273ba0ad7..0000000000000000000000000000000000000000
--- a/CVE-2020-16135-2.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c7b21bfbcd41205d93492a792c973643c94d3079 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider
-Date: Wed, 3 Jun 2020 10:05:51 +0200
-Subject: [PATCH 2/4] sftpserver: Add missing return check for
- ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider
-Reviewed-by: Anderson Toshiyuki Sasaki
-Reviewed-by: Jakub Jelen
----
- src/sftpserver.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index b639a2c..9117f15 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
- return NULL;
- }
-
-- ssh_buffer_add_data(msg->complete_message,
-- ssh_buffer_get(payload),
-- ssh_buffer_get_len(payload));
-+ rc = ssh_buffer_add_data(msg->complete_message,
-+ ssh_buffer_get(payload),
-+ ssh_buffer_get_len(payload));
-+ if (rc < 0) {
-+ ssh_set_error_oom(session);
-+ sftp_client_message_free(msg);
-+ return NULL;
-+ }
-
- ssh_buffer_get_u32(payload, &msg->id);
-
----
-2.23.0
-
diff --git a/CVE-2020-16135-3.patch b/CVE-2020-16135-3.patch
deleted file mode 100644
index 0ebce074f99f06f41aaddc70e973809c0828feba..0000000000000000000000000000000000000000
--- a/CVE-2020-16135-3.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From dafd55eda0093a2201ad847532b9c55af2a01247 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider
-Date: Wed, 3 Jun 2020 10:10:11 +0200
-Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider
-Reviewed-by: Anderson Toshiyuki Sasaki
-Reviewed-by: Jakub Jelen
----
- src/buffer.c | 35 ++++++++++++++++++-----------------
- 1 file changed, 18 insertions(+), 17 deletions(-)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index a2e6246..476bc13 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
- */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
-- buffer_verify(buffer);
-+ buffer_verify(buffer);
-
-- if (data == NULL) {
-- return -1;
-- }
-+ if (data == NULL) {
-+ return -1;
-+ }
-
-- if (buffer->used + len < len) {
-- return -1;
-- }
-+ if (buffer->used + len < len) {
-+ return -1;
-+ }
-
-- if (buffer->allocated < (buffer->used + len)) {
-- if(buffer->pos > 0)
-- buffer_shift(buffer);
-- if (realloc_buffer(buffer, buffer->used + len) < 0) {
-- return -1;
-+ if (buffer->allocated < (buffer->used + len)) {
-+ if (buffer->pos > 0) {
-+ buffer_shift(buffer);
-+ }
-+ if (realloc_buffer(buffer, buffer->used + len) < 0) {
-+ return -1;
-+ }
- }
-- }
-
-- memcpy(buffer->data+buffer->used, data, len);
-- buffer->used+=len;
-- buffer_verify(buffer);
-- return 0;
-+ memcpy(buffer->data + buffer->used, data, len);
-+ buffer->used += len;
-+ buffer_verify(buffer);
-+ return 0;
- }
-
- /**
----
-2.23.0
-
diff --git a/CVE-2020-16135-4.patch b/CVE-2020-16135-4.patch
deleted file mode 100644
index bdd8eb8578ae416c303fc5eea1102bc8a7ceccba..0000000000000000000000000000000000000000
--- a/CVE-2020-16135-4.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 7a4b7eec9a2921ba275be500e05f436ee8ace198 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider
-Date: Wed, 3 Jun 2020 10:11:21 +0200
-Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument
-
-Signed-off-by: Andreas Schneider
-Reviewed-by: Anderson Toshiyuki Sasaki
-Reviewed-by: Jakub Jelen
----
- src/buffer.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index 476bc13..ce12f49 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
- */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
-+ if (buffer == NULL) {
-+ return -1;
-+ }
-+
- buffer_verify(buffer);
-
- if (data == NULL) {
----
-2.23.0
-
diff --git a/libssh-0.9.4-fix-version.patch b/libssh-0.9.4-fix-version.patch
deleted file mode 100644
index 143e9727f09c444299dab8f30d2d421a235e5331..0000000000000000000000000000000000000000
--- a/libssh-0.9.4-fix-version.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200
-+++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200
-@@ -79,7 +79,7 @@
- /* libssh version */
- #define LIBSSH_VERSION_MAJOR 0
- #define LIBSSH_VERSION_MINOR 9
--#define LIBSSH_VERSION_MICRO 3
-+#define LIBSSH_VERSION_MICRO 4
-
- #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
- LIBSSH_VERSION_MINOR, \
diff --git a/libssh-0.9.4.tar.xz b/libssh-0.9.4.tar.xz
deleted file mode 100644
index 8c8bed0355b44341dcc20bb83880c3014bda987b..0000000000000000000000000000000000000000
Binary files a/libssh-0.9.4.tar.xz and /dev/null differ
diff --git a/libssh-0.9.4.tar.xz.asc b/libssh-0.9.4.tar.xz.asc
deleted file mode 100644
index 84b673cae1cd3f70af04dd125332d6af87b648c2..0000000000000000000000000000000000000000
--- a/libssh-0.9.4.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB -Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U -iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi -tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X -fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU -XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5 -nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr -jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W -EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy -w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz -emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0 -lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0= -=xSu8 ------END PGP SIGNATURE----- diff --git a/libssh-0.9.5.tar.xz b/libssh-0.9.5.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..5a1a02c69258668137115ab3e8142e9b65f00e91 Binary files /dev/null and b/libssh-0.9.5.tar.xz differ diff --git a/libssh-0.9.5.tar.xz.asc b/libssh-0.9.5.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..bf12d8af9d680945c33a6f4666ab9c3156058651 --- /dev/null +++ b/libssh-0.9.5.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl9aH9kACgkQfuD8TcwB +Tj35ZA/9G7lNf/byK3cJeXKb8Lp2oZ3iiAral4uT/cylnXnEa7dOoTjwV5MYvQqm +BDYFta7wsGBEWLOLrtyDJr4+krh9TSs53UVwieRTd0Z87MlcTb+a0gtiJa3Y5Gdv +QNge9rnUGr1MdTwvpPcSvQmoa7iH9HGzC2KrOCCyihUWX9kB+DNKWeSGJAZLNIJv +C3DvB8N0di/X5f74loRsAkwA6DAfiRtd8QyuqY7NeP3ZK/cEG5R/4WpCmCHCriBI +oBamKQT2CmNkHGCxMhN5iQFcm3D92lKdTLrMP+v0HlZnIjkzVJVBJeqn7FkWT967 +JvGqDGEiNozH4eGGjQn5SyHaVCQIv5S815L2mEKG+p0F8BvW6fQs34/RA5np3J2s +SPSFhzKuORePQzoVzF8/Jsf7cTTuzgaSFKi2dkbgkqe39DnKOWhT0K6QVGfNbajz +C/a9GVRl7t6Q/kNR6dFAqc++7civlfQf2Dav1NfEobJxR+DpO5CPXBCuauTXgP8Y +gbvQjfBqk2Gl4VOfCObtEfLiHPNeLI/QpKq9+KAtQlWFawCOhIZsBH/p2ynDI+XJ +wxfLiXPkfeNuQUUuP126mkG9GxbsHGLY38p4WKEQQ3zVx1Pxilq77ZhKGMmTgnvA +/ArOwn3wNwgoP6OQdsy1hxTk16TZ+pRttJyhrdebEX7DnxAgPyw= +=eqzl +-----END PGP SIGNATURE----- diff --git a/libssh.spec b/libssh.spec index fbed4d61299bd1021422b39d92119389ab1ba2ad..9fec48ea188c11559a1b8945328d91976323446a 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh -Version: 0.9.4 -Release: 2 +Version: 0.9.5 +Release: 1 Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -9,12 +9,6 @@ Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring -Patch1: libssh-0.9.4-fix-version.patch -Patch2: CVE-2020-16135-1.patch -Patch3: CVE-2020-16135-2.patch -Patch4: CVE-2020-16135-3.patch -Patch5: CVE-2020-16135-4.patch - BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server BuildRequires: nmap-ncat libssh 
@@ -100,6 +94,12 @@ popd %doc ChangeLog README %changelog +* Fri Jan 29 2021 xihaochen - 0.9.5-1 +- Type:requirements +- Id:NA +- SUG:NA +- DESC:update libssh to 0.9.5 + * Thu Aug 6 2020 zhaowei - 0.9.4-2 - Type:CVE - Id:CVE-2020-16135