!12 update libssh to 0.9.5

From: @haochenstar Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng
2021-01-30 14:33:28 +08:00 · 2021-01-30 14:33:28 +08:00 · 3c05843042
commit 3c05843042
parent a0a404dc0b 40ee1bac48
10 changed files with 24 additions and 205 deletions
--- a/CVE-2020-16135-1.patch
+++ b/CVE-2020-16135-1.patch
@ -1,36 +0,0 @@
-From 72ca8cc3eceb732c777dfd66e1441f0b34c655a8 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:04:09 +0200
-Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()
-
-Thanks to Ramin Farajpour Cami for spotting this.
-
-Fixes T232
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
- src/sftpserver.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index 5a2110e..b639a2c 100644
--- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
- 
-   /* take a copy of the whole packet */
-   msg->complete_message = ssh_buffer_new();
-+  if (msg->complete_message == NULL) {
-+      ssh_set_error_oom(session);
-+      sftp_client_message_free(msg);
-+      return NULL;
-+  }
-+
-   ssh_buffer_add_data(msg->complete_message,
-                       ssh_buffer_get(payload),
-                       ssh_buffer_get_len(payload));
-- 
-2.23.0
-
--- a/CVE-2020-16135-2.patch
+++ b/CVE-2020-16135-2.patch
@ -1,38 +0,0 @@
-From c7b21bfbcd41205d93492a792c973643c94d3079 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:05:51 +0200
-Subject: [PATCH 2/4] sftpserver: Add missing return check for
- ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
- src/sftpserver.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index b639a2c..9117f15 100644
--- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
-       return NULL;
-   }
- 
-  ssh_buffer_add_data(msg->complete_message,
-                      ssh_buffer_get(payload),
-                      ssh_buffer_get_len(payload));
-+  rc = ssh_buffer_add_data(msg->complete_message,
-+                           ssh_buffer_get(payload),
-+                           ssh_buffer_get_len(payload));
-+  if (rc < 0) {
-+      ssh_set_error_oom(session);
-+      sftp_client_message_free(msg);
-+      return NULL;
-+  }
- 
-   ssh_buffer_get_u32(payload, &msg->id);
- 
-- 
-2.23.0
-
--- a/CVE-2020-16135-3.patch
+++ b/CVE-2020-16135-3.patch
@ -1,66 +0,0 @@
-From dafd55eda0093a2201ad847532b9c55af2a01247 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:10:11 +0200
-Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
- src/buffer.c | 35 ++++++++++++++++++-----------------
- 1 file changed, 18 insertions(+), 17 deletions(-)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index a2e6246..476bc13 100644
--- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
-  */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
-  buffer_verify(buffer);
-+    buffer_verify(buffer);
- 
-  if (data == NULL) {
-      return -1;
-  }
-+    if (data == NULL) {
-+        return -1;
-+    }
- 
-  if (buffer->used + len < len) {
-    return -1;
-  }
-+    if (buffer->used + len < len) {
-+        return -1;
-+    }
- 
-  if (buffer->allocated < (buffer->used + len)) {
-    if(buffer->pos > 0)
-      buffer_shift(buffer);
-    if (realloc_buffer(buffer, buffer->used + len) < 0) {
-      return -1;
-+    if (buffer->allocated < (buffer->used + len)) {
-+        if (buffer->pos > 0) {
-+            buffer_shift(buffer);
-+        }
-+        if (realloc_buffer(buffer, buffer->used + len) < 0) {
-+            return -1;
-+        }
-     }
-  }
- 
-  memcpy(buffer->data+buffer->used, data, len);
-  buffer->used+=len;
-  buffer_verify(buffer);
-  return 0;
-+    memcpy(buffer->data + buffer->used, data, len);
-+    buffer->used += len;
-+    buffer_verify(buffer);
-+    return 0;
- }
- 
- /**
-- 
-2.23.0
-
--- a/CVE-2020-16135-4.patch
+++ b/CVE-2020-16135-4.patch
@ -1,30 +0,0 @@
-From 7a4b7eec9a2921ba275be500e05f436ee8ace198 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:11:21 +0200
-Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
- src/buffer.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index 476bc13..ce12f49 100644
--- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
-  */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
-+    if (buffer == NULL) {
-+        return -1;
-+    }
-+
-     buffer_verify(buffer);
- 
-     if (data == NULL) {
-- 
-2.23.0
-
--- a/libssh-0.9.4-fix-version.patch
+++ b/libssh-0.9.4-fix-version.patch
@ -1,11 +0,0 @@
--- a/include/libssh/libssh.h	2020-04-15 13:38:32.899177005 +0200
-+++ b/include/libssh/libssh.h	2020-04-15 13:38:57.406454427 +0200
-@@ -79,7 +79,7 @@
- /* libssh version */
- #define LIBSSH_VERSION_MAJOR  0
- #define LIBSSH_VERSION_MINOR  9
-#define LIBSSH_VERSION_MICRO  3
-+#define LIBSSH_VERSION_MICRO  4
- 
- #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
-                                            LIBSSH_VERSION_MINOR, \
--- a/libssh-0.9.4.tar.xz
+++ b/libssh-0.9.4.tar.xz
--- a/libssh-0.9.4.tar.xz.asc
+++ b/libssh-0.9.4.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB
-Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U
-iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi
-tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X
-fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU
-XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5
-nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr
-jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W
-EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy
-w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz
-emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0
-lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0=
-=xSu8
-----END PGP SIGNATURE-----
--- a/libssh-0.9.5.tar.xz
+++ b/libssh-0.9.5.tar.xz
--- a/libssh-0.9.5.tar.xz.asc
+++ b/libssh-0.9.5.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl9aH9kACgkQfuD8TcwB
+Tj35ZA/9G7lNf/byK3cJeXKb8Lp2oZ3iiAral4uT/cylnXnEa7dOoTjwV5MYvQqm
+BDYFta7wsGBEWLOLrtyDJr4+krh9TSs53UVwieRTd0Z87MlcTb+a0gtiJa3Y5Gdv
+QNge9rnUGr1MdTwvpPcSvQmoa7iH9HGzC2KrOCCyihUWX9kB+DNKWeSGJAZLNIJv
+C3DvB8N0di/X5f74loRsAkwA6DAfiRtd8QyuqY7NeP3ZK/cEG5R/4WpCmCHCriBI
+oBamKQT2CmNkHGCxMhN5iQFcm3D92lKdTLrMP+v0HlZnIjkzVJVBJeqn7FkWT967
+JvGqDGEiNozH4eGGjQn5SyHaVCQIv5S815L2mEKG+p0F8BvW6fQs34/RA5np3J2s
+SPSFhzKuORePQzoVzF8/Jsf7cTTuzgaSFKi2dkbgkqe39DnKOWhT0K6QVGfNbajz
+C/a9GVRl7t6Q/kNR6dFAqc++7civlfQf2Dav1NfEobJxR+DpO5CPXBCuauTXgP8Y
+gbvQjfBqk2Gl4VOfCObtEfLiHPNeLI/QpKq9+KAtQlWFawCOhIZsBH/p2ynDI+XJ
+wxfLiXPkfeNuQUUuP126mkG9GxbsHGLY38p4WKEQQ3zVx1Pxilq77ZhKGMmTgnvA
+/ArOwn3wNwgoP6OQdsy1hxTk16TZ+pRttJyhrdebEX7DnxAgPyw=
+=eqzl
+-----END PGP SIGNATURE-----
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
-Version:        0.9.4
-Release:        2
+Version:        0.9.5
+Release:        1
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@ -9,12 +9,6 @@ Source0:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
 Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
 Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring

-Patch1:         libssh-0.9.4-fix-version.patch
-Patch2:         CVE-2020-16135-1.patch
-Patch3:         CVE-2020-16135-2.patch
-Patch4:         CVE-2020-16135-3.patch
-Patch5:         CVE-2020-16135-4.patch
-
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
 BuildRequires:  nmap-ncat libssh
@ -100,6 +94,12 @@ popd
 %doc ChangeLog README

 %changelog
+* Fri Jan 29 2021 xihaochen <xihaochen@huawei.com> - 0.9.5-1
+- Type:requirements                                                                                                                                            
+- Id:NA
+- SUG:NA
+- DESC:update libssh to 0.9.5
+
 * Thu Aug 6 2020 zhaowei <zhaowei23@huawei.com> - 0.9.4-2
 - Type:CVE
 - Id:CVE-2020-16135