Date: Thursday, September 10, 2020 @ 14:07:25 Author: eworm Revision: 395687
upgpkg: libssh 0.9.5-1: new upstream release Modified: libssh/trunk/PKGBUILD Deleted: libssh/trunk/0001-CVE-2020-16135.patch ---------------------------+ 0001-CVE-2020-16135.patch | 165 -------------------------------------------- PKGBUILD | 29 +++---- 2 files changed, 13 insertions(+), 181 deletions(-) Deleted: 0001-CVE-2020-16135.patch =================================================================== --- 0001-CVE-2020-16135.patch 2020-09-10 12:49:44 UTC (rev 395686) +++ 0001-CVE-2020-16135.patch 2020-09-10 14:07:25 UTC (rev 395687) @@ -1,165 +0,0 @@ -From 533d881b0f4b24c72b35ecc97fa35d295d063e53 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <a...@cryptomilk.org> -Date: Wed, 3 Jun 2020 10:04:09 +0200 -Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new() - -Thanks to Ramin Farajpour Cami for spotting this. - -Fixes T232 - -Signed-off-by: Andreas Schneider <a...@cryptomilk.org> -Reviewed-by: Anderson Toshiyuki Sasaki <ansas...@redhat.com> -Reviewed-by: Jakub Jelen <jje...@redhat.com> -Signed-off-by: Christian Hesse <m...@eworm.de> ---- - src/sftpserver.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/sftpserver.c b/src/sftpserver.c -index 5a2110e5..b639a2ce 100644 ---- a/src/sftpserver.c -+++ b/src/sftpserver.c -@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { - - /* take a copy of the whole packet */ - msg->complete_message = ssh_buffer_new(); -+ if (msg->complete_message == NULL) { -+ ssh_set_error_oom(session); -+ sftp_client_message_free(msg); -+ return NULL; -+ } -+ - ssh_buffer_add_data(msg->complete_message, - ssh_buffer_get(payload), - ssh_buffer_get_len(payload)); - -From 2782cb0495b7450bd8fe43ce4af886b66fea6c40 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <a...@cryptomilk.org> -Date: Wed, 3 Jun 2020 10:05:51 +0200 -Subject: [PATCH 2/4] sftpserver: Add missing return check for - ssh_buffer_add_data() - -Signed-off-by: Andreas Schneider <a...@cryptomilk.org> -Reviewed-by: Anderson Toshiyuki Sasaki <ansas...@redhat.com> -Reviewed-by: Jakub Jelen <jje...@redhat.com> -Signed-off-by: Christian Hesse <m...@eworm.de> ---- - src/sftpserver.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/sftpserver.c b/src/sftpserver.c -index b639a2ce..9117f155 100644 ---- a/src/sftpserver.c -+++ b/src/sftpserver.c -@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { - return NULL; - } - -- ssh_buffer_add_data(msg->complete_message, -- ssh_buffer_get(payload), -- ssh_buffer_get_len(payload)); -+ rc = ssh_buffer_add_data(msg->complete_message, -+ ssh_buffer_get(payload), -+ ssh_buffer_get_len(payload)); -+ if (rc < 0) { -+ ssh_set_error_oom(session); -+ sftp_client_message_free(msg); -+ return NULL; -+ } - - ssh_buffer_get_u32(payload, &msg->id); - - -From 10b3ebbe61a7031a3dae97f05834442220447181 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <a...@cryptomilk.org> -Date: Wed, 3 Jun 2020 10:10:11 +0200 -Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data() - -Signed-off-by: Andreas Schneider <a...@cryptomilk.org> -Reviewed-by: Anderson Toshiyuki Sasaki <ansas...@redhat.com> -Reviewed-by: Jakub Jelen <jje...@redhat.com> -Signed-off-by: Christian Hesse <m...@eworm.de> ---- - src/buffer.c | 35 ++++++++++++++++++----------------- - 1 file changed, 18 insertions(+), 17 deletions(-) - -diff --git a/src/buffer.c b/src/buffer.c -index a2e6246a..476bc135 100644 ---- a/src/buffer.c -+++ b/src/buffer.c -@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) - */ - int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) - { -- buffer_verify(buffer); -+ buffer_verify(buffer); - -- if (data == NULL) { -- return -1; -- } -+ if (data == NULL) { -+ return -1; -+ } - -- if (buffer->used + len < len) { -- return -1; -- } -+ if (buffer->used + len < len) { -+ return -1; -+ } - -- if (buffer->allocated < (buffer->used + len)) { -- if(buffer->pos > 0) -- buffer_shift(buffer); -- if (realloc_buffer(buffer, buffer->used + len) < 0) { -- return -1; -+ if (buffer->allocated < (buffer->used + len)) { -+ if (buffer->pos > 0) { -+ buffer_shift(buffer); -+ } -+ if (realloc_buffer(buffer, buffer->used + len) < 0) { -+ return -1; -+ } - } -- } - -- memcpy(buffer->data+buffer->used, data, len); -- buffer->used+=len; -- buffer_verify(buffer); -- return 0; -+ memcpy(buffer->data + buffer->used, data, len); -+ buffer->used += len; -+ buffer_verify(buffer); -+ return 0; - } - - /** - -From 245ad744b5ab0582fef7cf3905a717b791d7e08b Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <a...@cryptomilk.org> -Date: Wed, 3 Jun 2020 10:11:21 +0200 -Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument - -Signed-off-by: Andreas Schneider <a...@cryptomilk.org> -Reviewed-by: Anderson Toshiyuki Sasaki <ansas...@redhat.com> -Reviewed-by: Jakub Jelen <jje...@redhat.com> -Signed-off-by: Christian Hesse <m...@eworm.de> ---- - src/buffer.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/buffer.c b/src/buffer.c -index 476bc135..ce12f491 100644 ---- a/src/buffer.c -+++ b/src/buffer.c -@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer) - */ - int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) - { -+ if (buffer == NULL) { -+ return -1; -+ } -+ - buffer_verify(buffer); - - if (data == NULL) { Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-09-10 12:49:44 UTC (rev 395686) +++ PKGBUILD 2020-09-10 14:07:25 UTC (rev 395687) @@ -6,19 +6,18 @@ pkgbase=libssh pkgname=(libssh libssh-docs) -pkgver=0.9.4 -pkgrel=2 -pkgdesc="Library for accessing ssh client services through C libraries" -url="https://www.libssh.org/" -license=(LGPL) -arch=(x86_64) -depends=(zlib openssl) -makedepends=(cmake cmocka doxygen python) -source=(https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz{,.asc} - '0001-CVE-2020-16135.patch') -sha256sums=('150897a569852ac05aac831dc417a7ba8e610c86ca2e0154a99c6ade2486226b' - 'SKIP' - '5668b4fa30cea2fb998e7e8084639ac4d6a76972778ba24d477f6aa79cd84ec8') +pkgver=0.9.5 +pkgrel=1 +pkgdesc='Library for accessing ssh client services through C libraries' +url='https://www.libssh.org/' +license=('LGPL') +arch=('x86_64') +depends=('zlib' 'openssl') +makedepends=('cmake' 'cmocka' 'doxygen' 'python' 'openssh') +provides=('libssh.so') +source=("https://www.libssh.org/files/${pkgver%.*}/$pkgname-$pkgver.tar.xz"{,.asc}) +sha256sums=('acffef2da98e761fc1fd9c4fddde0f3af60ab44c4f5af05cd1b2d60a3fa08718' + 'SKIP') validpgpkeys=('8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D') # Andreas Schneider <a...@cryptomilk.org> prepare() { @@ -28,9 +27,6 @@ sed 's/cmocka_unit_test(torture_path_expand_tilde_unix),//' -i libssh-${pkgver}/tests/unittests/torture_misc.c mkdir -p build - - cd "$srcdir/$pkgname-$pkgver" - patch -Np1 < ../0001-CVE-2020-16135.patch } build() { @@ -56,6 +52,7 @@ package_libssh-docs() { pkgdesc="Documentation for libssh" depends=() + provides=() mkdir -p "$pkgdir"/usr/share/doc/libssh cp -r build/doc/html "$pkgdir"/usr/share/doc/libssh