summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--74ecd0e1.patch50
-rw-r--r--libssh2.spec34
-rw-r--r--sources2
3 files changed, 83 insertions, 3 deletions
diff --git a/74ecd0e1.patch b/74ecd0e1.patch
new file mode 100644
index 0000000..9507602
--- /dev/null
+++ b/74ecd0e1.patch
@@ -0,0 +1,50 @@
+From 74ecd0e10ced2237f32d273784ef8eaf553b9c30 Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Mon, 18 Mar 2019 17:36:04 -0700
+Subject: [PATCH] Fixed misapplied patch
+
+Fixes for user auth
+---
+ src/userauth.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index ed804629..c02d81d0 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -107,7 +107,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
+ LIBSSH2_FREE(session, session->userauth_list_data);
+ session->userauth_list_data = NULL;
+
+- if (rc || (session->userauth_list_data_len < 1)) {
++ if (rc) {
+ _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
+ "Unable to send userauth-none request");
+ session->userauth_list_state = libssh2_NB_state_idle;
+@@ -127,7 +127,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
+ _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
+ "Would block requesting userauth list");
+ return NULL;
+- } else if (rc) {
++ } else if (rc || (session->userauth_list_data_len < 1)) {
+ _libssh2_error(session, rc, "Failed getting response");
+ session->userauth_list_state = libssh2_NB_state_idle;
+ return NULL;
+@@ -1172,7 +1172,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
+ NULL, 0);
+ if (rc == LIBSSH2_ERROR_EAGAIN)
+ return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
+- else if (rc || (session->userauth_pblc_data_len < 1)) {
++ else if (rc) {
+ LIBSSH2_FREE(session, session->userauth_pblc_packet);
+ session->userauth_pblc_packet = NULL;
+ LIBSSH2_FREE(session, session->userauth_pblc_method);
+@@ -1195,7 +1195,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
+ if (rc == LIBSSH2_ERROR_EAGAIN) {
+ return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
+ }
+- else if (rc) {
++ else if (rc || (session->userauth_pblc_data_len < 1)) {
+ LIBSSH2_FREE(session, session->userauth_pblc_packet);
+ session->userauth_pblc_packet = NULL;
+ LIBSSH2_FREE(session, session->userauth_pblc_method);
diff --git a/libssh2.spec b/libssh2.spec
index 92b352c..36cd9ce 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -1,11 +1,12 @@
Name: libssh2
-Version: 1.8.0
-Release: 10%{?dist}
+Version: 1.8.1
+Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol
License: BSD
URL: http://www.libssh2.org/
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
Patch1: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
+Patch2: https://github.com/libssh2/libssh2/commit/74ecd0e1.patch
BuildRequires: coreutils
BuildRequires: findutils
@@ -62,6 +63,11 @@ developing applications that use libssh2.
# https://github.com/libssh2/libssh2/pull/208
%patch1 -p1
+# userauth: fix mis-applied patch in the fix of CVE-2019-3859
+# https://github.com/libssh2/libssh2/issues/325
+# https://github.com/libssh2/libssh2/pull/327
+%patch2 -p1
+
# Replace hard wired port number in the test suite to avoid collisions
# between 32-bit and 64-bit builds running on a single build-host
sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
@@ -131,6 +137,30 @@ LC_ALL=en_US.UTF-8 make -C tests check
%{_libdir}/pkgconfig/libssh2.pc
%changelog
+* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1
+- Update to 1.8.1
+ - Fixed possible integer overflow when reading a specially crafted packet
+ (CVE-2019-3855)
+ - Fixed possible integer overflow in userauth_keyboard_interactive with a
+ number of extremely long prompt strings (CVE-2019-3863)
+ - Fixed possible integer overflow if the server sent an extremely large
+ number of keyboard prompts (CVE-2019-3856)
+ - Fixed possible out of bounds read when processing a specially crafted
+ packet (CVE-2019-3861)
+ - Fixed possible integer overflow when receiving a specially crafted exit
+ signal message channel packet (CVE-2019-3857)
+ - Fixed possible out of bounds read when receiving a specially crafted exit
+ status message channel packet (CVE-2019-3862)
+ - Fixed possible zero byte allocation when reading a specially crafted SFTP
+ packet (CVE-2019-3858)
+ - Fixed possible out of bounds reads when processing specially crafted SFTP
+ packets (CVE-2019-3860)
+ - Fixed possible out of bounds reads in _libssh2_packet_require(v)
+ (CVE-2019-3859)
+- Fix mis-applied patch in the fix of CVE-2019-3859
+ - https://github.com/libssh2/libssh2/issues/325
+ - https://github.com/libssh2/libssh2/pull/327
+
* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10
- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
locale settings in mock builders
diff --git a/sources b/sources
index 8551b1a..d5b4033 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3d1147cae66e2959ea5441b183de1b1c libssh2-1.8.0.tar.gz
+SHA512 (libssh2-1.8.1.tar.gz) = f09ad9ed04d25305b966e7f8c210082fe06c2b236dcd5018b009bd0bd6aaff123d16559d280892a5060760ed055ffe295bc02dc6e8dd1e7b8383c6c703f09290
bgstack15