diff options
| -rw-r--r-- | .cvsignore | 2 | ||||
| -rw-r--r-- | libssh2-1.2.2-padding.patch | 117 | ||||
| -rw-r--r-- | libssh2.spec | 15 | ||||
| -rw-r--r-- | sources | 2 |
4 files changed, 10 insertions, 126 deletions
@@ -1 +1 @@ -libssh2-1.2.2.tar.gz +libssh2-1.2.4.tar.gz diff --git a/libssh2-1.2.2-padding.patch b/libssh2-1.2.2-padding.patch deleted file mode 100644 index 127ad9d..0000000 --- a/libssh2-1.2.2-padding.patch +++ /dev/null @@ -1,117 +0,0 @@ -commit 1aba38cd7d2658146675ce1737e5090f879f3068 -Author: Peter Stuge <peter@stuge.se> -Date: Sun Dec 6 07:20:58 2009 +0100 - - Fix padding in ssh-dss signature blob encoding - - DSA signatures consist of two 160-bit integers called r and s. In ssh-dss - signature blobs r and s are stored directly after each other in binary - representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.) - - The crypto wrappers in libssh2 would either pack r and s incorrectly, or - fail, when at least one integer was small enough to be stored in 19 bytes - or less. - - The patch ensures that r and s are always stored as two 160 bit numbers. - -diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index ba00284..b06be42 100644 ---- a/src/libgcrypt.c -+++ b/src/libgcrypt.c -@@ -424,6 +424,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, - return -1; - } - -+ memset(sig, 0, 40); -+ - /* Extract R. */ - - data = gcry_sexp_find_token(sig_sexp, "r", 0); -@@ -433,22 +435,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, - } - - tmp = gcry_sexp_nth_data(data, 1, &size); -- if (!tmp) { -- ret = -1; -- goto out; -- } -- -- if (tmp[0] == '\0') { -- tmp++; -- size--; -- } -- -- if (size != 20) { -+ if (!tmp || size < 1 || size > 20) { - ret = -1; - goto out; - } - -- memcpy(sig, tmp, 20); -+ memcpy(sig + (20 - size), tmp, size); - - gcry_sexp_release(data); - -@@ -461,22 +453,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, - } - - tmp = gcry_sexp_nth_data(data, 1, &size); -- if (!tmp) { -- ret = -1; -- goto out; -- } -- -- if (tmp[0] == '\0') { -- tmp++; -- size--; -- } -- -- if (size != 20) { -+ if (!tmp || size < 1 || size > 20) { - ret = -1; - goto out; - } - -- memcpy(sig + 20, tmp, 20); -+ memcpy(sig + 20 + (20 - size), tmp, size); - - ret = 0; - out: -diff --git a/src/openssl.c b/src/openssl.c -index 250ea63..000c9ec 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -420,7 +420,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, - unsigned long hash_len, unsigned char *signature) - { - DSA_SIG *sig; -- int r_len, s_len, rs_pad; -+ int r_len, s_len; - (void) hash_len; - - sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx); -@@ -429,15 +429,20 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, - } - - r_len = BN_num_bytes(sig->r); -+ if (r_len < 1 || r_len > 20) { -+ DSA_SIG_free(sig); -+ return -1; -+ } - s_len = BN_num_bytes(sig->s); -- rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len); -- if (rs_pad < 0) { -+ if (s_len < 1 || s_len > 20) { - DSA_SIG_free(sig); - return -1; - } - -- BN_bn2bin(sig->r, signature + rs_pad); -- BN_bn2bin(sig->s, signature + rs_pad + r_len); -+ memset(signature, 0, 40); -+ -+ BN_bn2bin(sig->r, signature + (20 - r_len)); -+ BN_bn2bin(sig->s, signature + 20 + (20 - s_len)); - - DSA_SIG_free(sig); - diff --git a/libssh2.spec b/libssh2.spec index ed4ecc5..15347de 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 -Version: 1.2.2 -Release: 5%{?dist} +Version: 1.2.4 +Release: 1%{?dist} Summary: A library implementing the SSH2 protocol Group: System Environment/Libraries @@ -9,9 +9,6 @@ URL: http://www.libssh2.org Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -# aka commit 1aba38cd7d2658146675ce1737e5090f879f306 -Patch0: libssh2-1.2.2-padding.patch - BuildRequires: openssl-devel BuildRequires: zlib-devel @@ -47,7 +44,6 @@ developing applications that use %{name}. %prep %setup -q -%patch0 -p1 # make sure things are UTF-8... for i in ChangeLog NEWS ; do @@ -69,7 +65,7 @@ find %{buildroot} -name '*.la' -exec rm -f {} + # clean things up a bit for packaging ( cd example && make clean ) -rm -rf example/simple/.deps +find example/ -type d -name .deps -exec rm -rf {} + find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} + %check @@ -104,6 +100,11 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/* %changelog +* Fri Mar 12 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.4-1 +- update to 1.2.4 +- drop old patch0 +- be more aggressive about keeping .deps from intruding into -docs + * Wed Jan 20 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-5 - pkgconfig dep should be with -devel, not -docs @@ -1 +1 @@ -fa8d9cd425bdd62f57244fc61fb54da7 libssh2-1.2.2.tar.gz +4d65a66d5f232e5bb1d05b311e43d46d libssh2-1.2.4.tar.gz |