packages/libssh2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!65 [sync] PR-63: backport some upstream patches

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12
This commit is contained in:
openeuler-ci-bot 2024-11-21 06:29:10 +00:00 committed by Gitee
commit b461db1c89
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 592 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-Add-NULL-pointer-check-for-outlen-before-use-1109.patch Normal file
View File

@ -0,0 +1,32 @@
From 724effcb47ebb713d3ef1776684b8f6407b4b6a5 Mon Sep 17 00:00:00 2001
From: ren mingshuai <78132473+rmsh1216@users.noreply.github.com>
Date: Sat, 1 Jul 2023 01:34:44 +0800
Subject: [PATCH] Add NULL pointer check for outlen before use (#1109)
Before assigning a value to the outlen, we need to check whether it is NULL.
Credit: Ren Mingshuai <renmingshuai@huawei.com>
Reference:https://github.com/libssh2/libssh2/commit/724effcb47ebb713d3ef1776684b8f6407b4b6a5
Conflict:NA
---
src/misc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/misc.c b/src/misc.c
index b386e3d6..398457d4 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -901,7 +901,8 @@ int _libssh2_copy_string(LIBSSH2_SESSION *session, struct string_buf *buf,
}
}
else {
- *outlen = 0;
+ if(outlen)
+ *outlen = 0;
*outbuf = NULL;
}
--
2.27.0

74
backport-Add-a-new-structure-to-separate-memory-read-and-file.patch Normal file
View File

@ -0,0 +1,74 @@
From 63b4c20eb031227d040a3aca3224c80189411464 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Tue, 1 Aug 2023 12:36:24 +0800
Subject: [PATCH] Add a new structure to separate memory read and file read. We
use different APIs when we read one private key from memory, so it is
improper to store the private key information in the structure that stores
the private key file information.
Fixes https://github.com/libssh2/libssh2/issues/773
Reported-by: mike-jumper
Reference:https://github.com/libssh2/libssh2/commit/63b4c20eb031227d040a3aca3224c80189411464
Conflict:NA
---
src/userauth.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/userauth.c b/src/userauth.c
index 5ce4ccb1..c382e661 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -818,11 +818,17 @@ struct privkey_file {
const char *passphrase;
};
+struct privkey_mem {
+ const char *passphrase;
+ const char *data;
+ size_t data_len;
+};
+
static int
sign_frommemory(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
const unsigned char *data, size_t data_len, void **abstract)
{
- struct privkey_file *pk_file = (struct privkey_file *) (*abstract);
+ struct privkey_mem *pk_mem = (struct privkey_mem *) (*abstract);
const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
void *hostkey_abstract;
struct iovec datavec;
@@ -831,9 +837,9 @@ sign_frommemory(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
rc = memory_read_privatekey(session, &privkeyobj, &hostkey_abstract,
session->userauth_pblc_method,
session->userauth_pblc_method_len,
- pk_file->filename,
- strlen(pk_file->filename),
- pk_file->passphrase);
+ pk_mem->data,
+ pk_mem->data_len,
+ pk_mem->passphrase);
if(rc)
return rc;
@@ -1835,12 +1841,13 @@ userauth_publickey_frommemory(LIBSSH2_SESSION *session,
{
unsigned char *pubkeydata = NULL;
size_t pubkeydata_len = 0;
- struct privkey_file privkey_file;
- void *abstract = &privkey_file;
+ struct privkey_mem privkey_mem;
+ void *abstract = &privkey_mem;
int rc;
- privkey_file.filename = privatekeydata;
- privkey_file.passphrase = passphrase;
+ privkey_mem.data = privatekeydata;
+ privkey_mem.data_len = privatekeydata_len;
+ privkey_mem.passphrase = passphrase;
if(session->userauth_pblc_state == libssh2_NB_state_idle) {
if(publickeydata_len && publickeydata) {
--
2.27.0

27
backport-Fix-an-out-of-bounds-read-in-_libssh2_kex_agree_inst.patch Normal file
View File

@ -0,0 +1,27 @@
From f52ffc1ccdedcd5a885e85c2d0f0cb872b2b0a7f Mon Sep 17 00:00:00 2001
From: Michael Buckley <michael@buckleyisms.com>
Date: Mon, 8 Jan 2024 15:04:52 -0800
Subject: [PATCH] Fix an out-of-bounds read in _libssh2_kex_agree_instr when
searching for a KEX not in the server list (#1302)
Reference:https://github.com/libssh2/libssh2/commit/f52ffc1ccdedcd5a885e85c2d0f0cb872b2b0a7f
Conflict:NA
---
src/kex.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/kex.c b/src/kex.c
index a7b301e1..65973297 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -3349,6 +3349,7 @@ _libssh2_kex_agree_instr(unsigned char *haystack, size_t haystack_len,
left = end_haystack - s;
if((left >= 1) && (left <= haystack_len) && (left > needle_len)) {
s++;
+ left--;
}
else {
return NULL;
--
2.33.0

47
backport-Fix-unstable-connections-over-nonblocking-sockets.patch Normal file
View File

@ -0,0 +1,47 @@
From de0048759b871ee61bbd98619daff16be95a3e67 Mon Sep 17 00:00:00 2001
From: rolag <10981866+rolag@users.noreply.github.com>
Date: Fri, 27 Sep 2024 15:52:47 +0000
Subject: [PATCH] Fix unstable connections over nonblocking sockets (#1454)
The `send_existing()` function allows partially sent packets to be sent
fully before any further packets are sent. Originally this returned
`LIBSSH2_ERROR_BAD_USE` when a different caller or thread tried to send
an existing packet created by a different caller or thread causing the
connection to disconnect. Commit 33dddd2f8ac3bc81 removed the return
allowing any caller to continue sending another caller's packet. This
caused connection instability as discussed in #1397 and confused the
client and server causing occasional duplicate packets to be sent and
giving the error `rcvd too much data` as discussed in #1431. We return
`LIBSSH2_ERROR_EAGAIN` instead to allow existing callers to finish
sending their own packets.
Fixes #1397
Fixes #1431
Related #720
Credit: klux21, rolag
Conflict:NA
Reference:https://github.com/libssh2/libssh2/commit/de0048759b871ee61bbd98619daff16be95a3e67
---
src/transport.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/transport.c b/src/transport.c
index 3b30ff8..bbe7f5b 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -782,7 +782,8 @@ send_existing(LIBSSH2_SESSION *session, const unsigned char *data,
make the caller really notice his/hers flaw, we return error for
this case */
_libssh2_debug((session, LIBSSH2_TRACE_SOCKET,
- "Address is different, but will resume nonetheless"));
+ "Address is different, returning EAGAIN"));
+ return LIBSSH2_ERROR_EAGAIN;
}
*ret = 1; /* set to make our parent return */
--
2.43.0

33
backport-Prevent-possible-double-free-of-hostkey.patch Normal file
View File

@ -0,0 +1,33 @@
From b3465418471ffa4cf0bbe1e8f28c4d007f060f99 Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Tue, 10 Sep 2024 09:35:26 -0700
Subject: [PATCH] Prevent possible double free of hostkey (#1452)
NULL server hostkey based on fuzzer failure case.
Conflict:NA
Reference:https://github.com/libssh2/libssh2/commit/b3465418471ffa4cf0bbe1e8f28c4d007f060f99
---
src/kex.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/kex.c b/src/kex.c
index 5f381ec..7053316 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -379,8 +379,11 @@ static int diffie_hellman_sha_algo(LIBSSH2_SESSION *session,
buf.dataptr = buf.data;
buf.dataptr++; /* advance past type */
- if(session->server_hostkey)
+ if(session->server_hostkey) {
LIBSSH2_FREE(session, session->server_hostkey);
+ session->server_hostkey = NULL;
+ session->server_hostkey_len = 0;
+ }
if(_libssh2_copy_string(session, &buf, &(session->server_hostkey),
&host_key_len)) {
--
2.43.0

30
backport-We-should-check-whether-key_method-is-a-NULL-pointer.patch Normal file
View File

@ -0,0 +1,30 @@
From bec57c409d40822a23f03d2136f33b75b01b4b58 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Sat, 1 Jul 2023 10:14:48 +0800
Subject: [PATCH] We should check whether *key_method is a NULL pointer instead
of key_method
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reference:https://github.com/libssh2/libssh2/commit/bec57c409d40822a23f03d2136f33b75b01b4b58
Conflict:NA
---
src/userauth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/userauth.c b/src/userauth.c
index e7578759..5ce4ccb1 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -1410,7 +1410,7 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
LIBSSH2_FREE(session, *key_method);
*key_method = LIBSSH2_ALLOC(session, match_len);
- if(key_method) {
+ if(*key_method) {
memcpy(*key_method, match, match_len);
*key_method_len = match_len;
}
--
2.27.0

72
backport-buildconf-drop.patch Normal file
View File

@ -0,0 +1,72 @@
From 814a850c97b0d535341868b4aefdfe76179330e9 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Tue, 6 Aug 2024 12:55:05 +0200
Subject: [PATCH] buildconf: drop
Use `autoreconf -fi` instead.
Conflict:NA
Reference:https://github.com/libssh2/libssh2/commit/814a850c97b0d535341868b4aefdfe76179330e9
---
Makefile.am | 2 +-
Makefile.in | 2 +-
buildconf | 8 --------
tests/ossfuzz/ossfuzz.sh | 2 +-
4 files changed, 3 insertions(+), 11 deletions(-)
delete mode 100755 buildconf
diff --git a/Makefile.am b/Makefile.am
index 677be76..9f4252e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -38,7 +38,7 @@ OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \
EXTRA_DIST = $(WIN32FILES) get_ver.awk \
maketgz RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \
CMakeLists.txt cmake git2news.pl libssh2-style.el README.md $(OS400FILES) \
- buildconf Makefile.mk
+ Makefile.mk
ACLOCAL_AMFLAGS = -I m4
diff --git a/Makefile.in b/Makefile.in
index ec124e2..e45cabc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -427,7 +427,7 @@ OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \
EXTRA_DIST = $(WIN32FILES) get_ver.awk \
maketgz RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \
CMakeLists.txt cmake git2news.pl libssh2-style.el README.md $(OS400FILES) \
- buildconf Makefile.mk
+ Makefile.mk
ACLOCAL_AMFLAGS = -I m4
all: all-recursive
diff --git a/buildconf b/buildconf
deleted file mode 100755
index 1649f37..0000000
--- a/buildconf
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-echo "***" >&2
-echo "*** Do not use buildconf. Instead, use: autoreconf -fi" >&2
-echo "*** Doing it for you now, but buildconf may disappear in the future." >&2
-echo "***" >&2
-
-exec ${AUTORECONF:-autoreconf} -fi "${@}"
diff --git a/tests/ossfuzz/ossfuzz.sh b/tests/ossfuzz/ossfuzz.sh
index 7925fb7..032b686 100755
--- a/tests/ossfuzz/ossfuzz.sh
+++ b/tests/ossfuzz/ossfuzz.sh
@@ -22,7 +22,7 @@ export MAKEFLAGS
apt-get -y install automake libtool libssl-dev zlib1g-dev
# Compile the fuzzer.
-./buildconf
+autoreconf -fi
./configure --disable-shared \
--enable-ossfuzzers \
--disable-examples-build \
--
2.43.0

170
backport-openssl-fix-cppcheck-found-NULL-dereferences-1304.patch Normal file
View File

@ -0,0 +1,170 @@
From f2945905fbae7728869bffb9e034604cafcffb49 Mon Sep 17 00:00:00 2001
From: Ryan Kelley <ryan.parker.kelley@gmail.com>
Date: Thu, 18 Jan 2024 14:37:52 -0500
Subject: [PATCH] openssl: fix cppcheck found NULL dereferences (#1304)
* Fix NULL dereference in gen_publickey_from_rsa_evp and
gen_publickey_from_dsa_evp.
* Add checks for en_publickey_from_ec_evp and en_publickey_from_ed_evp
Reference:https://github.com/libssh2/libssh2/commit/f2945905fbae7728869bffb9e034604cafcffb49
Conflict:b0ab005fe792(openssl: use non-deprecated APIs with OpenSSL3.x)
ed439a29bb04(Support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys)
---
src/openssl.c | 83 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 53 insertions(+), 30 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index 919a8d9..905af3e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -820,10 +820,14 @@ gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
RSA_free(rsa);
memcpy(method_buf, "ssh-rsa", 7);
- *method = method_buf;
- *method_len = 7;
- *pubkeydata = key;
- *pubkeydata_len = key_len;
+ *method = method_buf;
+ if(method_len) {
+ *method_len = 7;
+ }
+ *pubkeydata = key;
+ if(pubkeydata_len) {
+ *pubkeydata_len = key_len;
+ }
return 0;
__alloc_error:
@@ -1219,10 +1223,14 @@ gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
DSA_free(dsa);
memcpy(method_buf, "ssh-dss", 7);
- *method = method_buf;
- *method_len = 7;
- *pubkeydata = key;
- *pubkeydata_len = key_len;
+ *method = method_buf;
+ if(method_len) {
+ *method_len = 7;
+ }
+ *pubkeydata = key;
+ if(pubkeydata_len) {
+ *pubkeydata_len = key_len;
+ }
return 0;
__alloc_error:
@@ -1589,10 +1597,14 @@ gen_publickey_from_ed_evp(LIBSSH2_SESSION *session,
goto fail;
}
- *method = methodBuf;
- *method_len = sizeof(methodName) - 1;
- *pubkeydata = keyBuf;
- *pubkeydata_len = bufLen;
+ *method = methodBuf;
+ if(method_len) {
+ *method_len = sizeof(methodName) - 1;
+ }
+ *pubkeydata = keyBuf;
+ if(pubkeydata_len) {
+ *pubkeydata_len = bufLen;
+ }
return 0;
fail:
@@ -2561,6 +2573,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
unsigned char *p;
unsigned char *method_buf = NULL;
unsigned char *key;
+ size_t method_buf_len = 0;
size_t key_len = 0;
unsigned char *octal_value = NULL;
size_t octal_len;
@@ -2588,24 +2601,29 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
type = _libssh2_ecdsa_get_curve_type(ec);
if(is_sk)
- *method_len = 34;
+ method_buf_len = 34;
else
- *method_len = 19;
+ method_buf_len = 19;
- method_buf = LIBSSH2_ALLOC(session, *method_len);
+ method_buf = LIBSSH2_ALLOC(session, method_buf_len);
if(!method_buf) {
return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"out of memory");
}
- if(is_sk)
- memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com", *method_len);
- else if(type == LIBSSH2_EC_CURVE_NISTP256)
- memcpy(method_buf, "ecdsa-sha2-nistp256", *method_len);
- else if(type == LIBSSH2_EC_CURVE_NISTP384)
- memcpy(method_buf, "ecdsa-sha2-nistp384", *method_len);
- else if(type == LIBSSH2_EC_CURVE_NISTP521)
- memcpy(method_buf, "ecdsa-sha2-nistp521", *method_len);
+ if(is_sk) {
+ memcpy(method_buf, "sk-ecdsa-sha2-nistp256@openssh.com",
+ method_buf_len);
+ }
+ else if(type == LIBSSH2_EC_CURVE_NISTP256) {
+ memcpy(method_buf, "ecdsa-sha2-nistp256", method_buf_len);
+ }
+ else if(type == LIBSSH2_EC_CURVE_NISTP384) {
+ memcpy(method_buf, "ecdsa-sha2-nistp384", method_buf_len);
+ }
+ else if(type == LIBSSH2_EC_CURVE_NISTP521) {
+ memcpy(method_buf, "ecdsa-sha2-nistp521", method_buf_len);
+ }
else {
_libssh2_debug((session,
LIBSSH2_TRACE_ERROR,
@@ -2636,9 +2654,9 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
goto clean_exit;
}
- /* Key form is: type_len(4) + type(method_len) + domain_len(4) + domain(8)
- + pub_key_len(4) + pub_key(~65). */
- key_len = 4 + *method_len + 4 + 8 + 4 + octal_len;
+ /* Key form is: type_len(4) + type(method_buf_len) + domain_len(4)
+ + domain(8) + pub_key_len(4) + pub_key(~65). */
+ key_len = 4 + method_buf_len + 4 + 8 + 4 + octal_len;
key = LIBSSH2_ALLOC(session, key_len);
if(!key) {
rc = -1;
@@ -2649,7 +2667,7 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
p = key;
/* Key type */
- _libssh2_store_str(&p, (const char *)method_buf, *method_len);
+ _libssh2_store_str(&p, (const char *)method_buf, method_buf_len);
/* Name domain */
if(is_sk) {
@@ -2662,9 +2680,14 @@ gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
/* Public key */
_libssh2_store_str(&p, (const char *)octal_value, octal_len);
- *method = method_buf;
- *pubkeydata = key;
- *pubkeydata_len = key_len;
+ *method = method_buf;
+ if(method_len) {
+ *method_len = method_buf_len;
+ }
+ *pubkeydata = key;
+ if(pubkeydata_len) {
+ *pubkeydata_len = key_len;
+ }
clean_exit:
--
2.33.0

38
backport-session-support-server-banners-up-to-8192-bytes-was-256.patch Normal file
View File

@ -0,0 +1,38 @@
From 1a9e8811f7fa7538a52e2dd0150a094368471bf3 Mon Sep 17 00:00:00 2001
From: Anders Borum <palmin@users.noreply.github.com>
Date: Tue, 8 Oct 2024 08:11:02 +0200
Subject: [PATCH] session: support server banners up to 8192 bytes (was: 256)
If server had banner exceeding 256 bytes there wasn't enough room in
`_LIBSSH2_SESSION.banner_TxRx_banner`. Only the first 256 bytes would be
read making the first packet read fail but also dooming key exchange as
`session->remote.banner` didn't include everything.
This change bumps the banner buffer to 8KB to match OpenSSH.
Fixes #1442
Closes #1443
Reference:https://github.com/libssh2/libssh2/commit/1a9e8811f7fa7538a52e2dd0150a094368471bf3
Conflict:NA
---
src/libssh2_priv.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
index ee1d8b5..b1f32b1 100644
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -742,7 +742,7 @@ struct _LIBSSH2_SESSION
/* State variables used in libssh2_banner_send() */
libssh2_nonblocking_states banner_TxRx_state;
- char banner_TxRx_banner[256];
+ char banner_TxRx_banner[8192];
ssize_t banner_TxRx_total_send;
/* State variables used in libssh2_kexinit() */
--
2.43.0

52
backport-userauth-avoid-oob-with-huge-interactive-kbd-respons.patch Normal file
View File

@ -0,0 +1,52 @@
From a6a9093b39824a00258f96a5301a844b4d870cdc Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Thu, 28 Mar 2024 16:59:58 +0000
Subject: [PATCH] userauth: avoid oob with huge interactive kbd response
- If the length of a response is `UINT_MAX - 3` or larger, an unsigned
integer overflow occurs on 64-bit systems. Avoid such truncation to
always allocate enough memory to avoid subsequent out of boundary
writes.
Patch-by: Tobias Stoeckmann
- also add FIXME to bump up length field to `size_t` (ABI break)
Closes #1337
Reference:https://github.com/libssh2/libssh2/commit/a6a9093b39824a00258f96a5301a844b4d870cdc
Conflict:NA
---
include/libssh2.h | 2 +-
src/userauth.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/libssh2.h b/include/libssh2.h
index 8bc8a138..71673801 100644
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -292,7 +292,7 @@ typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT
typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE
{
char *text;
- unsigned int length;
+ unsigned int length; /* FIXME: change type to size_t */
} LIBSSH2_USERAUTH_KBDINT_RESPONSE;
typedef struct _LIBSSH2_SK_SIG_INFO {
diff --git a/src/userauth.c b/src/userauth.c
index 60fd48e4..43df3e15 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -2188,7 +2188,7 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
if(session->userauth_kybd_responses[i].length <=
(SIZE_MAX - 4 - session->userauth_kybd_packet_len)) {
session->userauth_kybd_packet_len +=
- 4 + session->userauth_kybd_responses[i].length;
+ 4 + (size_t)session->userauth_kybd_responses[i].length;
}
else {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
--
2.33.0

18
libssh2.spec
View File

@ -1,6 +1,6 @@
Name: libssh2
Version: 1.11.0
Release: 3
Release: 4
Summary: A library implementing the SSH2 protocol
License: BSD
URL: https://www.libssh2.org/
@ -8,6 +8,16 @@ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
Patch0: backport-src-add-strict-KEX-to-fix-CVE-2023-48795-Terrapin-At.patch
Patch1: libssh2-1.11.0-strict-modes.patch
Patch2: backport-Add-NULL-pointer-check-for-outlen-before-use-1109.patch
Patch3: backport-We-should-check-whether-key_method-is-a-NULL-pointer.patch
Patch4: backport-Add-a-new-structure-to-separate-memory-read-and-file.patch
Patch5: backport-Fix-an-out-of-bounds-read-in-_libssh2_kex_agree_inst.patch
Patch6: backport-openssl-fix-cppcheck-found-NULL-dereferences-1304.patch
Patch7: backport-userauth-avoid-oob-with-huge-interactive-kbd-respons.patch
Patch8: backport-buildconf-drop.patch
Patch9: backport-Prevent-possible-double-free-of-hostkey.patch
Patch10: backport-Fix-unstable-connections-over-nonblocking-sockets.patch
Patch11: backport-session-support-server-banners-up-to-8192-bytes-was-256.patch
BuildRequires: coreutils findutils /usr/bin/man zlib-devel
BuildRequires: gcc make sed openssl-devel > 1:1.0.2 openssh-server
@ -87,6 +97,12 @@ LC_ALL=en_US.UTF-8 make -C tests check
%{_mandir}/man3/libssh2_*.3*
%changelog
* Tue Oct 29 2024 bitianyuan <bitianyuan@huawei.com> - 1.11.0-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport some upstream patches
* Tue Jun 04 2024 yueyuankun<yueyuankun@kylinos.cn> - 1.11.0-3
- Type:bugfix
- ID:NA