Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)

Have libssh-devel require cmake-filesystem

.gitignore

@@ -66,3 +66,5 @@ libssh-0.4.4.tar.gz.asc
 /libssh-0.10.3.tar.xz.asc
 /libssh-0.10.4.tar.xz
 /libssh-0.10.4.tar.xz.asc
+/libssh-0.10.5.tar.xz
+/libssh-0.10.5.tar.xz.asc

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
-Version:        0.10.4
-Release:        4%{?dist}
+Version:        0.10.5
+Release:        1%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPL-2.1-or-later
 URL:            http://www.libssh.org
@@ -40,8 +40,6 @@ Provides: libssh_threads.so.4()(64bit)
 Provides: libssh_threads.so.4
 %endif
 
-Patch1: pkcs11_test_fix.patch
-
 %description
 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client is
@@ -53,6 +51,7 @@ third-party programs others than libcrypto (from openssl).
 %package devel
 Summary:        Development files for %{name}
 Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       cmake-filesystem
 
 %description devel
 The %{name}-devel package contains libraries and header files for developing
@@ -120,8 +119,6 @@ popd
 
 %files devel
 %{_includedir}/libssh/
-# own this to avoid dep on cmake -- rex
-%dir  %{_libdir}/cmake/
 %{_libdir}/cmake/libssh/
 %{_libdir}/pkgconfig/libssh.pc
 %{_libdir}/libssh.so
@@ -133,6 +130,10 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Fri May 05 2023 Orion Poplawski <orion@nwra.com> - 0.10.5-1
+- Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)
+- Have libssh-devel require cmake-filesystem
+
 * Sun Mar 05 2023 Andreas Schneider <asn@redhat.com> - 0.10.4-4
 - Update License to SPDX expression
 

pkcs11_test_fix.patch

@@ -1,98 +0,0 @@
-diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
-index 532c86a7..9050cea6 100755
---- a/tests/pkcs11/setup-softhsm-tokens.sh
-+++ b/tests/pkcs11/setup-softhsm-tokens.sh
-@@ -17,10 +17,10 @@ echo "OBJNAME: $OBJNAME"
- echo "LOADPUBLIC: $LOADPUBLIC"
-
- # Create temporary directory for tokens
--install -d -m 0755 $TESTDIR/db
-+install -d -m 0755 "$TESTDIR/db"
-
- # Create SoftHSM configuration file
--cat >$TESTDIR/softhsm.conf <<EOF
-+cat >"$TESTDIR/softhsm.conf" <<EOF
- directories.tokendir = $TESTDIR/db
- objectstore.backend = file
- log.level = DEBUG
-@@ -28,12 +28,12 @@ EOF
-
- export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
-
--cat $TESTDIR/softhsm.conf
-+cat "$TESTDIR/softhsm.conf"
-
- #init
--cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
-+cmd="softhsm2-util --init-token --label $OBJNAME --free --pin 1234 --so-pin 1234"
- eval echo "$cmd"
--out=$(eval $cmd)
-+out=$(eval "$cmd")
- ret=$?
- if [ $ret -ne 0 ]; then
-     echo "Init token failed"
-@@ -41,10 +41,29 @@ if [ $ret -ne 0 ]; then
-     exit 1
- fi
-
-+find_library_path() {
-+    echo "$@"
-+    for _lib in "$@" ; do
-+        if test -f "$_lib" ; then
-+            LIBSOFTHSM_PATH="$_lib"
-+            echo "Using libsofthsm path: $LIBSOFTHSM_PATH"
-+            return
-+        fi
-+    done
-+    echo "libsofthsm2.so not found"
-+    exit 1
-+}
-+
-+find_library_path \
-+    /usr/lib64/libsofthsm2.so \
-+    /usr/lib/libsofthsm2.so \
-+    /usr/local/lib/softhsm/libsofthsm2.so \
-+    /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
-+
- #load private key
--cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
-+cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
- eval echo "$cmd"
--out=$(eval $cmd)
-+out=$(eval "$cmd")
- ret=$?
- if [ $ret -ne 0 ]; then
-    echo "Loading privkey failed"
-@@ -52,15 +71,15 @@ if [ $ret -ne 0 ]; then
-    exit 1
- fi
-
--cat $PUBKEY
-+cat "$PUBKEY"
-
--ls -l $TESTDIR
-+ls -l "$TESTDIR"
-
--if [ $LOADPUBLIC -ne 0 ]; then
-+if [ "$LOADPUBLIC" -ne 0 ]; then
- #load public key
--    cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
-+    cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
-     eval echo "$cmd"
--    out=$(eval $cmd)
-+    out=$(eval "$cmd")
-     ret=$?
-     if [ $ret -ne 0 ]; then
-         echo "Loading pubkey failed"
-@@ -69,9 +88,9 @@ if [ $LOADPUBLIC -ne 0 ]; then
-     fi
- fi
-
--cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
-+cmd="p11tool --list-all --login \"pkcs11:token=$OBJNAME\" --set-pin=1234"
- eval echo "$cmd"
--out=$(eval $cmd)
-+out=$(eval "$cmd")
- ret=$?
- if [ $ret -ne 0 ]; then
-     echo "Loging failed"

sources

@@ -1,2 +1,2 @@
-SHA512 (libssh-0.10.4.tar.xz) = 01ee52d480201d9886c15e81137c185334b404d1c8e8b743ddf58e95fe8619c8c013616a49807bd1111fde72fa177cd35f3c22b66cbf5d720b5abfacdf7601ed
-SHA512 (libssh-0.10.4.tar.xz.asc) = 8200215d6471851dac8cd8efd07400b9bc4403cf5406a9fdb28a68ef8fe85c227f92a26071fb32d9396b91661568333b5ceb9b23665d22e761b981dd880bbbc8
+SHA512 (libssh-0.10.5.tar.xz) = 2b758f9df2b5937865d4aee775ffeafafe3ae6739a89dfc470e38c7394e3c3cb5fcf8f842fdae04929890ee7e47bf8f50e3a38e82dfd26a009f3aae009d589e0
+SHA512 (libssh-0.10.5.tar.xz.asc) = aad5e75d0a5b2e93c6de08f2b6953f05dbef47e14a08eb75c57d3f519a8323064454ba5fbc86b3538489f571a5e446ed942f2b1cea2063c8645ef36815dd2511