packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 0.10.4

Browse Source
This commit is contained in:
renmingshuai 2023-02-03 10:08:02 +08:00
parent 297468a426
commit 62d5b36b03
23 changed files with 25 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
backport-Add-errno-reset-with-strtoul-call.patch
View File

@ -1,62 +0,0 @@
From eb9dc8cfc45875ddf8dd193eb16e506937ce5355 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Tue, 7 Jun 2022 14:28:30 +0200
Subject: [PATCH] Add errno reset with strtoul call
Contaminated errno can happen before strtoul call, thereofore
cleaning it before the call.
The errno is not used for checking later in code if fail happens,
therefore cleaning it right after error.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/misc.c | 4 ++++
tests/pkd/pkd_util.c | 1 +
2 files changed, 5 insertions(+)
diff --git a/src/misc.c b/src/misc.c
index f7efb9df..e890e829 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1361,21 +1361,25 @@ int ssh_analyze_banner(ssh_session session, int server)
* 012345678901234567890
*/
if (strlen(openssh) > 9) {
+ errno = 0;
major = strtoul(openssh + 8, &tmp, 10);
if ((tmp == (openssh + 8)) ||
((errno == ERANGE) && (major == ULONG_MAX)) ||
((errno != 0) && (major == 0)) ||
((major < 1) || (major > 100))) {
/* invalid major */
+ errno = 0;
goto done;
}
+ errno = 0;
minor = strtoul(openssh + 10, &tmp, 10);
if ((tmp == (openssh + 10)) ||
((errno == ERANGE) && (major == ULONG_MAX)) ||
((errno != 0) && (major == 0)) ||
(minor > 100)) {
/* invalid minor */
+ errno = 0;
goto done;
}
diff --git a/tests/pkd/pkd_util.c b/tests/pkd/pkd_util.c
index 0e3b19b4..e8e6fbb7 100644
--- a/tests/pkd/pkd_util.c
+++ b/tests/pkd/pkd_util.c
@@ -81,6 +81,7 @@ static int is_openssh_client_new_enough(void) {
((major < 1) || (major > 100))) {
fprintf(stderr, "failed to parse OpenSSH client version, "
"errno %d\n", errno);
+ errno = 0;
goto errversion;
}
--
2.33.0

27
backport-auth-Fix-error-returned-in-ssh_userauth_try_publicke.patch
View File

@ -1,27 +0,0 @@
From f6ad8057a71e7a690d31d43c3797081ff544e3fd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 22 Jun 2022 15:22:37 +0200
Subject: [PATCH] auth: Fix error returned in ssh_userauth_try_publickey()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth.c b/src/auth.c
index 2e48cfc6..6343c6a9 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -518,7 +518,7 @@ int ssh_userauth_try_publickey(ssh_session session,
SSH_FATAL,
"Wrong state (%d) during pending SSH call",
session->pending_call_state);
- return SSH_ERROR;
+ return SSH_AUTH_ERROR;
}
/* Check if the given public key algorithm is allowed */
--
2.33.0

32
backport-client-Do-not-close-the-socket-if-it-was-set-via-opt.patch
View File

@ -1,32 +0,0 @@
From 4b20d7ad1882feafb28e4371cd7c7c1c9c499153 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Tue, 19 Apr 2022 16:22:12 +0200
Subject: [PATCH] client: Do not close the socket if it was set via options
Fixes #122
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/client.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/client.c b/src/client.c
index 4e2a299d..a41764f1 100644
--- a/src/client.c
+++ b/src/client.c
@@ -720,7 +720,10 @@ ssh_disconnect(ssh_session session)
}
ssh_packet_send(session);
- ssh_socket_close(session->socket);
+ /* Do not close the socket, if the fd was set via options. */
+ if (session->opts.fd == SSH_INVALID_SOCKET) {
+ ssh_socket_close(session->socket);
+ }
}
error:
session->recv_seq = 0;
--
2.33.0

28
backport-config-Avoid-false-positive-report-from-Cov.patch
View File

@ -1,28 +0,0 @@
From af85ee8e59798e178a9b2e763eaa5e9d3124eb3b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 11 Aug 2022 15:46:49 +0200
Subject: [PATCH] config: Avoid false positive report from Coveritt CID 1470006
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/config.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/config.c b/src/config.c
index 8270b3a9..bc7afcc7 100644
--- a/src/config.c
+++ b/src/config.c
@@ -618,7 +618,8 @@ ssh_config_parse_line(ssh_session session,
opcode != SOC_MATCH &&
opcode != SOC_INCLUDE &&
opcode != SOC_IDENTITY &&
- opcode > SOC_UNSUPPORTED) { /* Ignore all unknown types here */
+ opcode > SOC_UNSUPPORTED &&
+ opcode < SOC_MAX) { /* Ignore all unknown types here */
/* Skip all the options that were already applied */
if (seen[opcode] != 0) {
SAFE_FREE(x);
--
2.33.0

125
backport-kdf-Avoid-endianess-issues.patch
View File

@ -1,125 +0,0 @@
From 915df080588ce815c80da804780438ce9b2ac390 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 7 Sep 2022 12:40:00 +0200
Subject: [PATCH] kdf: Avoid endianess issues
The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
include/libssh/crypto.h | 2 +-
include/libssh/wrapper.h | 2 +-
src/kdf.c | 5 ++---
src/libcrypto.c | 4 ++--
src/libgcrypt.c | 2 +-
src/libmbedcrypto.c | 2 +-
6 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index f40d76b9..1d73613b 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -219,7 +219,7 @@ struct ssh_cipher_struct {
const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len);
#endif /* _CRYPTO_H_ */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index fd57cdb1..f4a33d2d 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len);
int crypt_set_algorithms_client(ssh_session session);
diff --git a/src/kdf.c b/src/kdf.c
index a88c92f8..44f06631 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
/* Can't use VLAs with Visual Studio, so allocate the biggest
* digest buffer we can possibly need */
unsigned char digest[DIGEST_MAX_LEN];
size_t output_len = crypto->digest_len;
- char letter = key_type;
ssh_mac_ctx ctx;
if (DIGEST_MAX_LEN < crypto->digest_len) {
@@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
ssh_mac_update(ctx, key, key_len);
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
- ssh_mac_update(ctx, &letter, 1);
+ ssh_mac_update(ctx, &key_type, 1);
ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
ssh_mac_final(digest, ctx);
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 5fef5209..468b63f0 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -214,7 +214,7 @@ static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
@@ -330,7 +330,7 @@ out:
#else
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index b8b86593..da5588ad 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -124,7 +124,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index c8137ce0..6d84bd51 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -127,7 +127,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
--
2.33.0

32
backport-libsshpp-Fix-openForward-to-not-set-sourcehost-to-NU.patch
View File

@ -1,32 +0,0 @@
From a889527c1b8f9831b47ceac510057585cdc81d39 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 15 Jun 2022 15:10:08 +0200
Subject: [PATCH] libsshpp: Fix openForward to not set sourcehost to NULL by
default
This parameter is required.
Fixes #25
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/libsshpp.hpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/libssh/libsshpp.hpp b/include/libssh/libsshpp.hpp
index a678d375..602c7aec 100644
--- a/include/libssh/libsshpp.hpp
+++ b/include/libssh/libsshpp.hpp
@@ -523,7 +523,7 @@ public:
return ssh_channel_is_open(channel) != 0;
}
int openForward(const char *remotehost, int remoteport,
- const char *sourcehost=NULL, int localport=0){
+ const char *sourcehost, int localport=0){
int err=ssh_channel_open_forward(channel,remotehost,remoteport,
sourcehost, localport);
ssh_throw(err);
--
2.33.0

27
backport-misc-Fix-expanding-port-numbers.patch
View File

@ -1,27 +0,0 @@
From 648baf0f3c567280e6decfa49ebc6fa01b635bdd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:03:40 +0200
Subject: [PATCH] misc: Fix expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/misc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/misc.c b/src/misc.c
index a2fdf31a..11a7479c 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1237,7 +1237,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
x = strdup(session->opts.username);
break;
case 'p':
- if (session->opts.port > 0) {
+ {
char tmp[6];
snprintf(tmp, sizeof(tmp), "%hu",
--
2.33.0

60
backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
View File

@ -1,60 +0,0 @@
From 20406e51c9e1e096dc8ba47975abad448a51bfc1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 26 Aug 2022 13:07:28 +0200
Subject: [PATCH] misc: Fix format truncation in ssh_path_expand_escape()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
error: %u directive output may be truncated writing between 1 and 10
bytes into a region of size 6.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/session.h | 2 +-
src/misc.c | 15 +++++++--------
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 0a6fb080..d3e5787c 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -223,7 +223,7 @@ struct ssh_session_struct {
char *custombanner;
unsigned long timeout; /* seconds */
unsigned long timeout_usec;
- unsigned int port;
+ uint16_t port;
socket_t fd;
int StrictHostKeyChecking;
char compressionlevel;
diff --git a/src/misc.c b/src/misc.c
index e6264101..a2fdf31a 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1237,14 +1237,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
x = strdup(session->opts.username);
break;
case 'p':
- if (session->opts.port < 65536) {
- char tmp[6];
-
- snprintf(tmp,
- sizeof(tmp),
- "%u",
- session->opts.port > 0 ? session->opts.port : 22);
- x = strdup(tmp);
+ if (session->opts.port > 0) {
+ char tmp[6];
+
+ snprintf(tmp, sizeof(tmp), "%hu",
+ (uint16_t)(session->opts.port > 0 ? session->opts.port
+ : 22));
+ x = strdup(tmp);
}
break;
default:
--
2.33.0

47
backport-misc-rename-gettimeofday-symbol.patch
View File

@ -1,47 +0,0 @@
From 17aec429f539517468446191e3da91df40e352d1 Mon Sep 17 00:00:00 2001
From: Timo Rothenpieler <timo@rothenpieler.org>
Date: Sat, 20 Aug 2022 16:00:15 +0200
Subject: [PATCH] misc: rename gettimeofday symbol
mingw does have this function, even though it appears to be deprecated.
So the symbol has to have a different name, or linking becomes
impossible.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/priv.h | 4 +++-
src/misc.c | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/libssh/priv.h b/include/libssh/priv.h
index ad932d2f..bab761b0 100644
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@@ -152,7 +152,9 @@ char *strndup(const char *s, size_t n);
# endif /* _MSC_VER */
struct timeval;
-int gettimeofday(struct timeval *__p, void *__t);
+int ssh_gettimeofday(struct timeval *__p, void *__t);
+
+#define gettimeofday ssh_gettimeofday
#define _XCLOSESOCKET closesocket
diff --git a/src/misc.c b/src/misc.c
index 81b23f25..e6264101 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -160,7 +160,7 @@ int ssh_dir_writeable(const char *path)
#define SSH_USEC_IN_SEC 1000000LL
#define SSH_SECONDS_SINCE_1601 11644473600LL
-int gettimeofday(struct timeval *__p, void *__t) {
+int ssh_gettimeofday(struct timeval *__p, void *__t) {
union {
unsigned long long ns100; /* time since 1 Jan 1601 in 100ns units */
FILETIME ft;
--
2.33.0

33
backport-options-Parse-hostname-by-last.patch
View File

@ -1,33 +0,0 @@
From bb5f7e2707c1d04cd080bc64ff748ec89cf614fa Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 4 Jul 2022 13:58:06 +0200
Subject: options: Parse hostname by last '@'
The login name can have '@' char in it
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=bb5f7e2707c1d04cd080bc64ff748ec89cf614fa
---
src/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/options.c b/src/options.c
index e4c80f8..9c2ac29 100644
--- a/src/options.c
+++ b/src/options.c
@@ -495,7 +495,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session);
return -1;
}
- p = strchr(q, '@');
+ p = strrchr(q, '@');
SAFE_FREE(session->opts.host);
--
2.33.0

31
backport-session-Initialize-pointers.patch
View File

@ -1,31 +0,0 @@
From 355e29d881dcf2d255fbe58864ef98dc3bc5653c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 4 Jul 2022 19:22:30 +0200
Subject: session: Initialize pointers
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=355e29d881dcf2d255fbe58864ef98dc3bc5653c
---
src/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index 3199096..484fe39 100644
--- a/src/session.c
+++ b/src/session.c
@@ -977,7 +977,7 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
ssh_key pubkey = NULL;
ssh_string pubkey_blob = NULL;
MD5CTX ctx;
- unsigned char *h;
+ unsigned char *h = NULL;
int rc;
if (session == NULL || hash == NULL) {
--
2.33.0

27
backport-session-Initialize-the-port-with-the-standa.patch
View File

@ -1,27 +0,0 @@
From f306aafdc6a6730538ca10a510fe3bd18714342c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:05:22 +0200
Subject: [PATCH] session: Initialize the port with the standard port (22)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index 9e1da5cd..6025c133 100644
--- a/src/session.c
+++ b/src/session.c
@@ -104,7 +104,7 @@ ssh_session ssh_new(void)
/* OPTIONS */
session->opts.StrictHostKeyChecking = 1;
- session->opts.port = 0;
+ session->opts.port = 22;
session->opts.fd = -1;
session->opts.compressionlevel = 7;
session->opts.nodelay = 0;
--
2.33.0

29
backport-session-socket_callbacks.data-will-be-set-t.patch
View File

@ -1,29 +0,0 @@
From 0799775185c4d9a26bbf074f11bf17aa5b055b3f Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Thu, 18 Aug 2022 20:00:25 +0800
Subject: [PATCH] session->socket_callbacks.data will be set to
ssh_packet_socket_callback
in ssh_packet_register_socket_callback. Here is redundant.
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/server.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index e33c9366..04949a94 100644
--- a/src/server.c
+++ b/src/server.c
@@ -361,7 +361,6 @@ static void ssh_server_connection_callback(ssh_session session){
}
/* from now, the packet layer is handling incoming packets */
- session->socket_callbacks.data=ssh_packet_socket_callback;
ssh_packet_register_socket_callback(session, session->socket);
ssh_packet_set_default_callbacks(session);
--
2.33.0

29
backport-sftp-fix-the-length-calculation-of-packet-in-sftp_wr.patch
View File

@ -1,29 +0,0 @@
From 332f1c2e093de27e7fcfe22d80f0660c57e002eb Mon Sep 17 00:00:00 2001
From: tatataeki <shengzeyu19_98@163.com>
Date: Wed, 29 Jun 2022 14:20:48 +0800
Subject: [PATCH] sftp: fix the length calculation of packet in sftp_write
Signed-off-by: tatataeki <shengzeyu19_98@163.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/sftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sftp.c b/src/sftp.c
index b1fa931e..e01012a8 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -2178,8 +2178,8 @@ ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
sftp_set_error(sftp, SSH_FX_FAILURE);
return -1;
}
- packetlen=ssh_buffer_get_len(buffer);
len = sftp_packet_write(file->sftp, SSH_FXP_WRITE, buffer);
+ packetlen=ssh_buffer_get_len(buffer);
SSH_BUFFER_FREE(buffer);
if (len < 0) {
return -1;
--
2.33.0

39
backport-socket-Add-error-message-if-execv-fails.patch
View File

@ -1,39 +0,0 @@
From 2546b6224223890af669c272c70ab45ec0298659 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 13:32:09 +0200
Subject: [PATCH] socket: Add error message if execv fails
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/socket.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/socket.c b/src/socket.c
index bd2cd28c..525b304f 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -891,6 +891,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
ssh_execute_command(const char *command, socket_t in, socket_t out)
{
const char *args[] = {"/bin/sh", "-c", command, NULL};
+ int rc;
/* Prepare /dev/null socket for the stderr redirection */
int devnull = open("/dev/null", O_WRONLY);
if (devnull == -1) {
@@ -915,7 +916,11 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
dup2(devnull, STDERR_FILENO);
close(in);
close(out);
- execv(args[0], (char * const *)args);
+ rc = execv(args[0], (char * const *)args);
+ if (rc < 0) {
+ SSH_LOG(SSH_LOG_WARN, "Failed to execute command %s: %s",
+ command, strerror(errno));
+ }
exit(1);
}
--
2.33.0

47
backport-tests-Add-test-for-expanding-port-numbers.patch
View File

@ -1,47 +0,0 @@
From 8c0be750db787d70863ad3bbbc1e70e75a8e223f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:08:58 +0200
Subject: [PATCH] tests: Add test for expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/unittests/torture_misc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index 354f37bc..6fdf3ab5 100644
--- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c
@@ -168,17 +168,25 @@ static void torture_path_expand_tilde_unix(void **state) {
static void torture_path_expand_escape(void **state) {
ssh_session session = *state;
- const char *s = "%d/%h/by/%r";
+ const char *s = "%d/%h/%p/by/%r";
char *e;
session->opts.sshdir = strdup("guru");
session->opts.host = strdup("meditation");
+ session->opts.port = 0;
session->opts.username = strdup("root");
e = ssh_path_expand_escape(session, s);
assert_non_null(e);
- assert_string_equal(e, "guru/meditation/by/root");
- free(e);
+ assert_string_equal(e, "guru/meditation/22/by/root");
+ ssh_string_free_char(e);
+
+ session->opts.port = 222;
+
+ e = ssh_path_expand_escape(session, s);
+ assert_non_null(e);
+ assert_string_equal(e, "guru/meditation/222/by/root");
+ ssh_string_free_char(e);
}
static void torture_path_expand_known_hosts(void **state) {
--
2.33.0

57
backport-tests-Ensure-the-mode-of-the-created-file-is.patch
View File

@ -1,57 +0,0 @@
From 1286a70e139fb7553dce02107cdcdf36edcf53f1 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Fri, 5 Aug 2022 17:08:30 +0800
Subject: tests: Ensure the mode of the created file is ...
what we set in open funtion by the argument mode. The mode of the
created file
is (mode & ~umask), So we set umask to typical default value(octal 022).
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=1286a70e139fb7553dce02107cdcdf36edcf53f1
---
tests/client/torture_scp.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c
index 59a00ba..fe3f239 100644
--- a/tests/client/torture_scp.c
+++ b/tests/client/torture_scp.c
@@ -39,6 +39,9 @@
#define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
#define ALICE_HOME BINARYDIR "/tests/home/alice"
+/* store the original umask */
+mode_t old;
+
struct scp_st {
struct torture_state *s;
char *tmp_dir;
@@ -99,6 +102,9 @@ static int session_setup(void **state)
s = ts->s;
+ /* store the original umask and set a new one */
+ old = umask(0022);
+
/* Create temporary directory for alice */
tmp_dir = torture_make_temp_dir(TEMPLATE);
assert_non_null(tmp_dir);
@@ -135,6 +141,9 @@ static int session_teardown(void **state)
assert_non_null(ts->s);
s = ts->s;
+ /* restore the umask */
+ umask(old);
+
ssh_disconnect(s->ssh.session);
ssh_free(s->ssh.session);
--
2.33.0

37
backport-torture_options-Add-test-for-in-login-name.patch
View File

@ -1,37 +0,0 @@
From 964df4dc290c631fe2ece74600e510ca6c0a7385 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Mon, 11 Jul 2022 12:34:34 +0200
Subject: torture_options: Add test for '@' in login name
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://git.libssh.org/projects/libssh.git/commit?id=964df4dc290c631fe2ece74600e510ca6c0a7385
---
tests/unittests/torture_options.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index d0fdaed..6bfd091 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -65,6 +65,13 @@ static void torture_options_set_host(void **state) {
assert_string_equal(session->opts.host, "meditation");
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "guru");
+
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "hostname");
+ assert_non_null(session->opts.username);
+ assert_string_equal(session->opts.username, "at@login");
}
static void torture_options_set_ciphers(void **state) {
--
2.33.0

BIN
libssh-0.10.4.tar.xz Normal file
View File

Binary file not shown.

16
libssh-0.10.4.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmMYnSEACgkQfuD8TcwB
Tj2qGBAAn/40MU/7PcyCRK9U+MhLo28peRpTF+i1/k0V5czVLiFubeFofsa6sjy8
C6VyQsz0NYiTf6wXLlq9jO1p31LWQ13Z3K0d7Lg2eyftsVrGM1Ue9dTLlJrZ570d
JjcBR/J3dpO9w5fz4HawWE8GIBBstZQnZYdoT75+tIeSMJ/tnovKfE1RGYc4kRJs
quC7tyej7Y+t86U8psFSy2iUCajS82b+ddZEhuxwamel+RBRJZsmi5B2OvhkEaOj
mhJOIkx3UD9XAjxeooVcTlzAaJ5JFZ7Im97o+DRbQYvJYe4ZqDo17lrzBh6wruLC
vBo+/lwh9FbCqxbDpFfqwpf8qYsWu3m0Qlu5f+BZ/9WvjFCVoRmScNHJo42tu18r
xcX2Txis8oWysgqhvIgTFRnLq010ErL8iE9WeZwrNJgcTnf+AQLolKQiVAHumMvk
Djv0No+ZTBG03Hsb0tbvA8kVtxI0ZZtzPcRkRqmUwiLCtcO9oo1hInhu+D1sPZwI
Q1xK6hI6LKsF80yPKGexZxlgV/vZYhIKtD0SIoZCpx7MSBxXqHYZARtTFUAXBSqF
tIn800/pPhGuY1/x3ho4BeWCGj1eWG5zy7dr0q/d/OiqBj3OiUfxtTl4drqrYhca
goNhzNTs0Ps+iYbVQlk4nEAjg54M8ru1jfcuNRgrhTqCI8yiESk=
=AG91
-----END PGP SIGNATURE-----

BIN
libssh-0.9.6.tar.xz
View File

Binary file not shown.

16
libssh-0.9.6.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB
Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd
3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3
bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck
ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL
KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa
VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+
+W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG
zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq
1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN
TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5
o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk=
=cO0k
-----END PGP SIGNATURE-----

31
libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.9.6
Release: 5
Version: 0.10.4
Release: 1
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -9,25 +9,6 @@ Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
Patch0: backport-Add-errno-reset-with-strtoul-call.patch
Patch1: backport-client-Do-not-close-the-socket-if-it-was-set-via-opt.patch
Patch2: backport-libsshpp-Fix-openForward-to-not-set-sourcehost-to-NU.patch
Patch3: backport-auth-Fix-error-returned-in-ssh_userauth_try_publicke.patch
Patch4: backport-sftp-fix-the-length-calculation-of-packet-in-sftp_wr.patch
Patch5: backport-options-Parse-hostname-by-last.patch
Patch6: backport-torture_options-Add-test-for-in-login-name.patch
Patch7: backport-session-Initialize-pointers.patch
Patch8: backport-tests-Ensure-the-mode-of-the-created-file-is.patch
Patch9: backport-session-socket_callbacks.data-will-be-set-t.patch
Patch10: backport-config-Avoid-false-positive-report-from-Cov.patch
Patch11: backport-kdf-Avoid-endianess-issues.patch
Patch12: backport-misc-rename-gettimeofday-symbol.patch
Patch13: backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
Patch14: backport-misc-Fix-expanding-port-numbers.patch
Patch15: backport-session-Initialize-the-port-with-the-standa.patch
Patch16: backport-tests-Add-test-for-expanding-port-numbers.patch
Patch17: backport-socket-Add-error-message-if-execv-fails.patch
BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server
BuildRequires: nmap-ncat
@ -109,9 +90,15 @@ popd
%files help
%defattr(-,root,root)
%doc ChangeLog README
%doc CHANGELOG README
%changelog
* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.10.4-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:update to 0.10.4
* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.9.6-5
- Type:bugfix
- Id:NA