Hello community,

here is the log from the commit of package libssh for openSUSE:Factory checked 
in at 2017-04-18 13:47:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libssh (Old)
 and      /work/SRC/openSUSE:Factory/.libssh.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libssh"

Tue Apr 18 13:47:45 2017 rev:43 rq:487843 version:0.7.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/libssh/libssh.changes    2017-02-11 
01:35:30.425068821 +0100
+++ /work/SRC/openSUSE:Factory/.libssh.new/libssh.changes       2017-04-18 
13:47:49.600309297 +0200
@@ -1,0 +2,9 @@
+Thu Apr 13 14:41:57 UTC 2017 - a...@cryptomilk.org
+
+- Update to version 0.7.5
+  * Fixed a memory allocation issue with buffers
+  * Fixed PKI on Windows
+  * Fixed some SSHv1 functions
+  * Fixed config hostname expansion
+
+-------------------------------------------------------------------

Old:
----
  libssh-0.7.4.tar.xz

New:
----
  libssh-0.7.5.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libssh.spec ++++++
--- /var/tmp/diff_new_pack.8G3QN9/_old  2017-04-18 13:47:50.520179101 +0200
+++ /var/tmp/diff_new_pack.8G3QN9/_new  2017-04-18 13:47:50.524178535 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           libssh
-Version:        0.7.4
+Version:        0.7.5
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1+

++++++ libssh-0.7.4.tar.xz -> libssh-0.7.5.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/CMakeLists.txt 
new/libssh-0.7.5/CMakeLists.txt
--- old/libssh-0.7.4/CMakeLists.txt     2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/CMakeLists.txt     2017-04-13 16:32:48.000000000 +0200
@@ -8,7 +8,7 @@
 
 set(APPLICATION_VERSION_MAJOR "0")
 set(APPLICATION_VERSION_MINOR "7")
-set(APPLICATION_VERSION_PATCH "4")
+set(APPLICATION_VERSION_PATCH "5")
 
 set(APPLICATION_VERSION 
"${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
 
@@ -19,7 +19,7 @@
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.4.1")
+set(LIBRARY_VERSION "4.4.2")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is 
checked
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/ChangeLog new/libssh-0.7.5/ChangeLog
--- old/libssh-0.7.4/ChangeLog  2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/ChangeLog  2017-04-13 16:32:16.000000000 +0200
@@ -1,5 +1,12 @@
 ChangeLog
 ==========
+
+version 0.7.5 (released 2017-04-13)
+  * Fixed a memory allocation issue with buffers
+  * Fixed PKI on Windows
+  * Fixed some SSHv1 functions
+  * Fixed config hostname expansion
+
 version 0.7.4 (released 2017-02-03)
   * Added id_ed25519 to the default identity list
   * Fixed sftp EOF packet handling
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/cmake/Modules/FindGCrypt.cmake 
new/libssh-0.7.5/cmake/Modules/FindGCrypt.cmake
--- old/libssh-0.7.4/cmake/Modules/FindGCrypt.cmake     2016-05-02 
06:20:57.000000000 +0200
+++ new/libssh-0.7.5/cmake/Modules/FindGCrypt.cmake     2017-04-11 
17:41:28.000000000 +0200
@@ -35,6 +35,8 @@
         gcrypt.h
     HINTS
         ${_GCRYPT_ROOT_HINTS_AND_PATHS}
+    PATH_SUFFIXES
+        include
 )
 
 find_library(GCRYPT_LIBRARY
@@ -44,6 +46,8 @@
         libgcrypt-11
     HINTS
         ${_GCRYPT_ROOT_HINTS_AND_PATHS}
+    PATH_SUFFIXES
+        lib
 )
 set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY})
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/include/libssh/buffer.h 
new/libssh-0.7.5/include/libssh/buffer.h
--- old/libssh-0.7.4/include/libssh/buffer.h    2017-02-03 09:51:50.000000000 
+0100
+++ new/libssh-0.7.5/include/libssh/buffer.h    2017-04-13 16:26:39.000000000 
+0200
@@ -53,6 +53,8 @@
 int buffer_add_u64(ssh_buffer buffer, uint64_t data);
 int ssh_buffer_add_data(ssh_buffer buffer, const void *data, uint32_t len);
 
+int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len);
+
 int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
                        const char *format,
                        int argc,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/include/libssh/libssh.h 
new/libssh-0.7.5/include/libssh/libssh.h
--- old/libssh-0.7.4/include/libssh/libssh.h    2017-02-03 09:51:50.000000000 
+0100
+++ new/libssh-0.7.5/include/libssh/libssh.h    2017-04-13 16:32:31.000000000 
+0200
@@ -79,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  7
-#define LIBSSH_VERSION_MICRO  4
+#define LIBSSH_VERSION_MICRO  5
 
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/src/buffer.c 
new/libssh-0.7.5/src/buffer.c
--- old/libssh-0.7.4/src/buffer.c       2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/src/buffer.c       2017-04-13 16:27:56.000000000 +0200
@@ -563,12 +563,15 @@
  * @returns             0 if there is not enough data in buffer, len otherwise.
  */
 uint32_t buffer_get_data(struct ssh_buffer_struct *buffer, void *data, 
uint32_t len){
+    int rc;
+
     /*
      * Check for a integer overflow first, then check if not enough data is in
      * the buffer.
      */
-    if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
-      return 0;
+    rc = ssh_buffer_validate_length(buffer, len);
+    if (rc != SSH_OK) {
+        return 0;
     }
     memcpy(data,buffer->data+buffer->pos,len);
     buffer->pos+=len;
@@ -618,6 +621,24 @@
 }
 
 /**
+ * @brief Valdiates that the given length can be obtained from the buffer.
+ *
+ * @param[in]  buffer  The buffer to read from.
+ *
+ * @param[in]  len     The length to be checked.
+ *
+ * @return             SSH_OK if the length is valid, SSH_ERROR otherwise.
+ */
+int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len)
+{
+    if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+        return SSH_ERROR;
+    }
+
+    return SSH_OK;
+}
+
+/**
  * @internal
  *
  * @brief Get a SSH String out of the buffer and adjusts the read pointer.
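Review bot: The new `ssh_buffer_validate_length()` detects overflow by wrap-around (`buffer->pos + len < len`), which is only meaningful when the sum is computed in a type that can actually wrap for the given `len`. The field types are not visible in this hunk, so the subtraction form would be safer to read and maintain: `if (buffer->pos > buffer->used || len > buffer->used - buffer->pos) return SSH_ERROR;`. The doc comment should also say that `len` is measured from the current read position, and that the caller must pass a non-NULL buffer, since the function dereferences it unchecked. The `@brief` line has a typo and should read `Validates that the given length can be obtained from the buffer.`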
@@ -630,13 +651,15 @@
   uint32_t stringlen;
   uint32_t hostlen;
   struct ssh_string_struct *str = NULL;
+  int rc;
 
   if (buffer_get_u32(buffer, &stringlen) == 0) {
     return NULL;
   }
   hostlen = ntohl(stringlen);
   /* verify if there is enough space in buffer to get it */
-  if (buffer->pos + hostlen < hostlen || buffer->pos + hostlen > buffer->used) 
{
+  rc = ssh_buffer_validate_length(buffer, hostlen);
+  if (rc != SSH_OK) {
     return NULL; /* it is indeed */
   }
   str = ssh_string_new(hostlen);
@@ -867,11 +890,13 @@
         char **cstring;
         void **data;
     } o;
-    size_t len, rlen;
+    size_t len, rlen, max_len;
     uint32_t u32len;
     va_list ap_copy;
     int count;
 
+    max_len = ssh_buffer_get_len(buffer);
+
     /* copy the argument list in case a rollback is needed */
     va_copy(ap_copy, ap);
 
@@ -921,10 +946,16 @@
                 break;
             }
             len = ntohl(u32len);
-            if (len > UINT_MAX - 1){
+            if (len > max_len - 1) {
                 rc = SSH_ERROR;
                 break;
             }
+
+            rc = ssh_buffer_validate_length(buffer, len);
+            if (rc != SSH_OK) {
+                break;
+            }
+
             *o.cstring = malloc(len + 1);
             if (*o.cstring == NULL){
                 rc = SSH_ERROR;
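Review bot: The guard `len > max_len - 1` is vacuous when `max_len` is 0, because `max_len` is a `size_t` and the subtraction wraps to `SIZE_MAX`; the same pattern is repeated in the `'P'` case of the next hunk. In that situation only the following `ssh_buffer_validate_length()` call stands between a peer-supplied length and `malloc(len + 1)`, so the first check should not depend on wrap-around: `if (max_len == 0 || len > max_len - 1) {`. `max_len` is also taken once before the loop, so it bounds the whole buffer rather than what is left at this position; a short comment such as `/* coarse upper bound; the exact check is ssh_buffer_validate_length() */` would stop a later reader from dropping the second check. The enclosing function starts and ends outside this hunk.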
@@ -942,6 +973,15 @@
             break;
         case 'P':
             len = va_arg(ap, size_t);
+            if (len > max_len - 1) {
+                rc = SSH_ERROR;
+                break;
+            }
+
+            rc = ssh_buffer_validate_length(buffer, len);
+            if (rc != SSH_OK) {
+                break;
+            }
 
             o.data = va_arg(ap, void **);
             count++;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/src/config.c 
new/libssh-0.7.5/src/config.c
--- old/libssh-0.7.4/src/config.c       2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/src/config.c       2017-04-13 16:26:19.000000000 +0200
@@ -50,6 +50,8 @@
   SOC_GSSAPISERVERIDENTITY,
   SOC_GSSAPICLIENTIDENTITY,
   SOC_GSSAPIDELEGATECREDENTIALS,
+
+  SOC_END /* Keep this one last in the list */
 };
 
 struct ssh_config_keyword_table_s {
@@ -185,7 +187,7 @@
 }
 
 static int ssh_config_parse_line(ssh_session session, const char *line,
-    unsigned int count, int *parsing) {
+    unsigned int count, int *parsing, int seen[]) {
   enum ssh_config_opcode_e opcode;
   const char *p;
   char *s, *x;
@@ -216,6 +218,12 @@
   }
 
   opcode = ssh_config_get_opcode(keyword);
+  if (*parsing == 1 && opcode != SOC_HOST) {
+      if (seen[opcode] == 0) {
+          return 0;
+      }
+      seen[opcode] = 1;
+  }
 
   switch (opcode) {
     case SOC_HOST: {
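Review bot: The `seen[]` test looks inverted: the array is zero-initialised by the caller (`int seen[SOC_END - SOC_UNSUPPORTED] = {0};` in a later hunk), so `seen[opcode] == 0` is true the first time any keyword is met and the function returns 0 before reaching the `switch`. As written, every option other than `Host` appears to be skipped while `*parsing == 1`; the intended first-match-wins check is presumably `if (seen[opcode] != 0) { return 0; }` followed by `seen[opcode] = 1;`. The index also needs a bound. The array size `SOC_END - SOC_UNSUPPORTED` suggests `SOC_UNSUPPORTED` is not 0 (the start of the enum is outside the hunk); if it is negative and `ssh_config_get_opcode()` can return it for an unknown keyword, `seen[opcode]` reads and writes outside the array. Either skip the bookkeeping when `opcode == SOC_UNSUPPORTED` or index with `seen[opcode - SOC_UNSUPPORTED]`.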
@@ -227,18 +235,12 @@
              p != NULL && p[0] != '\0';
              p = ssh_config_get_str_tok(&s, NULL)) {
              if (ok >= 0) {
-               char *z = ssh_path_expand_escape(session, p);
-
-               if (z == NULL) {
-                   z = strdup(p);
-               }
-               ok = match_hostname(lowerhost, z, strlen(z));
+               ok = match_hostname(lowerhost, p, strlen(p));
                if (ok < 0) {
                    *parsing = 0;
                } else if (ok > 0) {
                    *parsing = 1;
                }
-               free(z);
             }
         }
         SAFE_FREE(lowerhost);
@@ -247,7 +249,12 @@
     case SOC_HOSTNAME:
       p = ssh_config_get_str_tok(&s, NULL);
       if (p && *parsing) {
-        ssh_options_set(session, SSH_OPTIONS_HOST, p);
+        char *z = ssh_path_expand_escape(session, p);
+        if (z == NULL) {
+            z = strdup(p);
+        }
+        ssh_options_set(session, SSH_OPTIONS_HOST, z);
+        free(z);
       }
       break;
     case SOC_PORT:
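Review bot: The fallback `z = strdup(p);` in the `SOC_HOSTNAME` branch is not checked, so an allocation failure passes `NULL` to `ssh_options_set()`, whose return value is ignored as well. The config line is then silently dropped and the session keeps whatever host it had before. Handling the failure explicitly would be safer, for example `if (z == NULL) { ssh_set_error_oom(session); return -1; }` before the `ssh_options_set()` call, given that the caller already closes the file and aborts on a negative return. The rest of the `switch` is outside this hunk.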
@@ -384,6 +391,7 @@
   unsigned int count = 0;
   FILE *f;
   int parsing;
+  int seen[SOC_END - SOC_UNSUPPORTED] = {0};
 
   if ((f = fopen(filename, "r")) == NULL) {
     return 0;
@@ -394,7 +402,7 @@
   parsing = 1;
   while (fgets(line, sizeof(line), f)) {
     count++;
-    if (ssh_config_parse_line(session, line, count, &parsing) < 0) {
+    if (ssh_config_parse_line(session, line, count, &parsing, seen) < 0) {
       fclose(f);
       return -1;
     }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/src/messages.c 
new/libssh-0.7.5/src/messages.c
--- old/libssh-0.7.4/src/messages.c     2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/src/messages.c     2017-04-13 16:26:19.000000000 +0200
@@ -1355,7 +1355,8 @@
                     msg->global_request.bind_port);
             session->common.callbacks->global_request_function(session, msg, 
session->common.callbacks->userdata);
         } else {
-            ssh_message_reply_default(msg);
+            ssh_message_queue(session, msg);
+            return rc;
         }
     } else if (strcmp(request, "cancel-tcpip-forward") == 0) {
         r = ssh_buffer_unpack(packet, "sd",
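Review bot: The added `return rc;` leaves the handler directly after `ssh_message_queue(session, msg);`, so any cleanup after the if/else chain is skipped on this path; the `cancel-tcpip-forward` branch in the next hunk has the same early return. The end of the function is outside both hunks, but `request` is compared with `strcmp()` here and is presumably a heap string produced by an earlier unpack, so please confirm it is released before returning, e.g. `SAFE_FREE(request);` ahead of the `return`. The value of `rc` at this point is also not set anywhere in the visible lines; a comment stating which packet-handler result the queued case is meant to return would help.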
@@ -1374,7 +1375,8 @@
         if(ssh_callbacks_exists(session->common.callbacks, 
global_request_function)) {
             session->common.callbacks->global_request_function(session, msg, 
session->common.callbacks->userdata);
         } else {
-            ssh_message_reply_default(msg);
+            ssh_message_queue(session, msg);
+            return rc;
         }
     } else {
         SSH_LOG(SSH_LOG_PROTOCOL, "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s %d", 
request, want_reply);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/src/pki.c new/libssh-0.7.5/src/pki.c
--- old/libssh-0.7.4/src/pki.c  2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/src/pki.c  2017-04-13 16:26:19.000000000 +0200
@@ -955,7 +955,7 @@
         return SSH_ERROR;
     }
 
-    file = fopen(filename, "r");
+    file = fopen(filename, "rb");
     if (file == NULL) {
         ssh_pki_log("Error opening %s: %s",
                     filename, strerror(errno));
@@ -1233,7 +1233,7 @@
         return SSH_ERROR;
     }
 
-    fp = fopen(filename, "w+");
+    fp = fopen(filename, "wb+");
     if (fp == NULL) {
         return SSH_ERROR;
     }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/src/session.c 
new/libssh-0.7.5/src/session.c
--- old/libssh-0.7.4/src/session.c      2017-02-03 09:51:50.000000000 +0100
+++ new/libssh-0.7.5/src/session.c      2017-04-13 16:26:19.000000000 +0200
@@ -31,6 +31,9 @@
 #include "libssh/crypto.h"
 #include "libssh/server.h"
 #include "libssh/socket.h"
+#ifdef WITH_SSH1
+#include "libssh/ssh1.h"
+#endif /* WITH_SSH1 */
 #include "libssh/ssh2.h"
 #include "libssh/agent.h"
 #include "libssh/packet.h"
@@ -830,13 +833,17 @@
  * @return              SSH_OK on success, SSH_ERROR otherwise.
  */
 int ssh_send_ignore (ssh_session session, const char *data) {
+#ifdef WITH_SSH1
+    const int type = session->version == 1 ? SSH_MSG_IGNORE : SSH2_MSG_IGNORE;
+#else /* WITH_SSH1 */
+    const int type = SSH2_MSG_IGNORE;
+#endif /* WITH_SSH1 */
     int rc;
 
     if (ssh_socket_is_open(session->socket)) {
-
         rc = ssh_buffer_pack(session->out_buffer,
                              "bs",
-                             SSH2_MSG_IGNORE,
+                             type,
                              data);
         if (rc != SSH_OK){
             ssh_set_error_oom(session);
@@ -868,12 +875,22 @@
     int rc;
 
     if (ssh_socket_is_open(session->socket)) {
-        rc = ssh_buffer_pack(session->out_buffer,
-                             "bbsd",
-                             SSH2_MSG_DEBUG,
-                             always_display != 0 ? 1 : 0,
-                             message,
-                             0); /* empty language tag */
+#ifdef WITH_SSH1
+        if (session->version == 1) {
+            rc = ssh_buffer_pack(session->out_buffer,
+                                 "bs",
+                                 SSH_MSG_DEBUG,
+                                 message);
+        } else
+#endif /* WITH_SSH1 */
+        {
+            rc = ssh_buffer_pack(session->out_buffer,
+                                 "bbsd",
+                                 SSH2_MSG_DEBUG,
+                                 always_display != 0 ? 1 : 0,
+                                 message,
+                                 0); /* empty language tag */
+        }
         if (rc != SSH_OK) {
             ssh_set_error_oom(session);
             goto error;
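Review bot: The `} else` left dangling before `#endif /* WITH_SSH1 */` and followed by a bare block is easy to break. It compiles both ways, but a statement inserted between the `#endif` and the `{` silently becomes the `else` body in SSH1 builds only. Selecting the message type in a local first, as the `ssh_send_ignore()` hunk above does with `const int type`, and keeping each `ssh_buffer_pack()` call under an ordinary `if`/`else` would avoid the preprocessor-split statement. If the construct stays, a comment such as `/* the block below is the else-branch when WITH_SSH1 is defined */` should sit on the opening brace.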
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libssh-0.7.4/tests/keys/.ssh/authorized_keys 
new/libssh-0.7.5/tests/keys/.ssh/authorized_keys
--- old/libssh-0.7.4/tests/keys/.ssh/authorized_keys    2015-09-09 
11:34:54.000000000 +0200
+++ new/libssh-0.7.5/tests/keys/.ssh/authorized_keys    1970-01-01 
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCz98jP4bLz1eNSFd5s2rauzUrREkRlcNt9yh9vXcRIMn19Jt35GUJQzqL5+gRVXbfFZ1qd2zYGSfva0aKclp0iA5ZT6SjGn6BGa0ksT842IAolCpErd44k0EfoC33o0yongbC/nobhbry4+APBRVDBUhzoRzpHKmLPsMT5L76BK8FAhVRC3teQ9xc7I3nO6PmoOFkziXpXs6D0taPj/YgXlpy8qN8gyl6qaen3PoFNhlC25BTpvVW4RiFfK8zouQzCd2xUaHjqQMoyZFCHIDwDqq8sCWIwyrzyTmBHgB4l5OeoNH9DXbQjo8ypg2XpMtOTz8qic448NH9dcZveIXrv
 a...@krikkit.cryptomilk.site

