From af56e4903a2940143c82edfd92315be582458dd7 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Tue, 12 Sep 2017 10:54:52 +0100
Subject: Fix for BrickFTP (#1489736), spec clean-up
- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
- Make devel package dependency on main package arch-specific
- Drop EL-5 support
- noarch sub-packages always available now
- Drop legacy Group: and BuildRoot: tags
- Drop explicit buildroot cleaning
- %{__isa_bits} always defined now
---
...NUL-terminate-the-command-for-remote-exec.patch | 45 ++++++++++++++++++++++
libssh2.spec | 45 +++++++++-------------
2 files changed, 64 insertions(+), 26 deletions(-)
create mode 100644 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
diff --git a/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch b/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
new file mode 100644
index 0000000..a6881dd
--- /dev/null
+++ b/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
@@ -0,0 +1,45 @@
+From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Mon, 11 Sep 2017 21:13:45 +0200
+Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
+
+It breaks SCP download/upload from/to certain server implementations.
+
+The bug does not manifest with OpenSSH, which silently drops the NUL
+byte (eventually with any garbage that follows the NUL byte) before
+executing it.
+
+Bug: https://bugzilla.redhat.com/1489736
+---
+ src/scp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/scp.c b/src/scp.c
+index 22778dd..d1665a6 100644
+--- a/src/scp.c
++++ b/src/scp.c
+@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
+ &session->scpRecv_command[cmd_len],
+ session->scpRecv_command_len - cmd_len);
+
+- session->scpRecv_command[cmd_len] = '\0';
+- session->scpRecv_command_len = cmd_len + 1;
++ /* the command to exec should _not_ be NUL-terminated */
++ session->scpRecv_command_len = cmd_len;
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+ "Opening channel for SCP receive");
+@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
+ &session->scpSend_command[cmd_len],
+ session->scpSend_command_len - cmd_len);
+
+- session->scpSend_command[cmd_len] = '\0';
+- session->scpSend_command_len = cmd_len + 1;
++ /* the command to exec should _not_ be NUL-terminated */
++ session->scpSend_command_len = cmd_len;
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+ "Opening channel for SCP send");
+--
+2.9.5
+
diff --git a/libssh2.spec b/libssh2.spec
index a65be61..ef5d135 100644
--- a/libssh2.spec
+++ b/libssh2.spec
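Review bot: Removing the `session->scpRecv_command[cmd_len] = '\0';` store in scp_recv, and the matching `scpSend_command` store in scp_send, leaves both command buffers as length-delimited byte strings with no terminator written at this point, although the interoperability fix only needs the length to stop counting the NUL. Keeping the store and changing only the length, `session->scpRecv_command[cmd_len] = '\0';` then `session->scpRecv_command_len = cmd_len;`, would keep the byte off the wire while any code that later reads the buffer as a C string (none is visible in these hunks) still stops at the end of the command. If the stores stay removed, the new comment should say so explicitly, for example `/* not NUL-terminated: always pair this buffer with scpRecv_command_len */`. The quoting call and the buffer allocation start outside both hunks, so whether the quoting helper already terminates its output cannot be confirmed from this page.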
@@ -1,24 +1,11 @@ -# Fedora 10 onwards support noarch subpackages; by using one, we can -# put the arch-independent docs in a common subpackage and save lots -# of space on the mirrors -%if 0%{?fedora} > 9 || 0%{?rhel} > 5 -%global noarch_docs_package 1 -%else -%global noarch_docs_package 0 -%endif - -# Define %%{__isa_bits} for old releases -%{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} - Name: libssh2 Version: 1.8.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library implementing the SSH2 protocol -Group: System Environment/Libraries License: BSD URL: http://www.libssh2.org/ Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) +Patch1: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch BuildRequires: coreutils BuildRequires: findutils @@ -47,8 +34,7 @@ SECSH-DHGEX(04), and SECSH-NUMBERS(10). %package devel Summary: Development files for libssh2 -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pkgconfig %description devel @@ -57,11 +43,8 @@ developing applications that use libssh2. %package docs Summary: Documentation for libssh2 -Group: Development/Libraries Requires: %{name} = %{version}-%{release} -%if %{noarch_docs_package} BuildArch: noarch -%endif %description docs The libssh2-docs package contains man pages and examples for 
@@ -70,9 +53,14 @@ developing applications that use libssh2. %prep %setup -q +# scp: do not NUL-terminate the command for remote exec +# https://bugzilla.redhat.com/show_bug.cgi?id=1489736 +# https://github.com/libssh2/libssh2/pull/208 +%patch1 -p1 + # Replace hard wired port number in the test suite to avoid collisions # between 32-bit and 64-bit builds running on a single build-host -sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} +sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh} # Make sshd transition appropriately if building in an SELinux environment %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) @@ -86,7 +74,6 @@ chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} | make %{?_smp_mflags} %install -rm -rf %{buildroot} make install DESTDIR=%{buildroot} INSTALL="install -p" find %{buildroot} -name '*.la' -delete @@ -118,9 +105,6 @@ echo "exit 0" > tests/mansyntax.sh %endif make -C tests check -%clean -rm -rf %{buildroot} - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -145,6 +129,15 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/libssh2.pc %changelog +* Tue Sep 12 2017 Paul Howarth - 1.8.0-5 +- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208) +- Make devel package dependency on main package arch-specific +- Drop EL-5 support + - noarch sub-packages always available now + - Drop legacy Group: and BuildRoot: tags + - Drop explicit buildroot cleaning + - %%{__isa_bits} always defined now + * Thu Aug 03 2017 Fedora Release Engineering - 1.8.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 
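Review bot: Nothing in the check stage can confirm the fix applied by `%patch1 -p1` in the `%prep` hunk: the patch description says OpenSSH silently drops the trailing NUL, and the test suite appears to run against a local sshd (the `%prep` context prepares SELinux labels for one), so `make -C tests check` would presumably pass with or without the patch. The comment above `%patch1` should record that, for example `# Not exercised by %%check: OpenSSH's sshd ignores the trailing NUL`, so that a later rebase which loses the patch is not mistaken for a tested change.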
@@ -345,7 +338,7 @@ rm -rf %{buildroot} - OpenSSL EVP: fix threaded use of structs - _libssh2_channel_read: react on errors from receive_window_adjust - sftp_read: cap the read ahead maximum amount - - _libssh2_channel_read: fix non-blocking window adjusting + - _libssh2_channel_read: fix non-blocking window adjusting - add upstream patch fixing undefined function reference in libgcrypt backend - BR: /usr/bin/man for test suite -- cgit