From 57b527a2bb9cf9854b200044bfd6a8ff0a1f2b86 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Thu, 9 Apr 2020 13:28:36 +0200
Subject: [PATCH] Update to version 0.9.4 Fixes CVE-2020-1730
---
 ...sh-0.9.4-enable-sshd-sha1-algorithms.patch | 18 ++++++++
 ...sh-0.9.4-torture_fix_pid_range_check.patch | 46 -------------------
 libssh.spec | 14 ++++--
 libssh_server.config | 2 -
 4 files changed, 29 insertions(+), 51 deletions(-)
 create mode 100644 libssh-0.9.4-enable-sshd-sha1-algorithms.patch
 delete mode 100644 libssh-0.9.4-torture_fix_pid_range_check.patch

diff --git a/libssh-0.9.4-enable-sshd-sha1-algorithms.patch b/libssh-0.9.4-enable-sshd-sha1-algorithms.patch
new file mode 100644
index 0000000..a821223
--- /dev/null
+++ b/libssh-0.9.4-enable-sshd-sha1-algorithms.patch
@@ -0,0 +1,18 @@
+--- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200
++++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200
+@@ -636,6 +636,15 @@
+ # else /* HAVE_DSA */
+ "HostKeyAlgorithms +ssh-rsa\n"
+ # endif /* HAVE_DSA */
++/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1
++ * deprecation*/
++# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)
++ "KexAlgorithms +diffie-hellman-group14-sha1,"
++ "diffie-hellman-group-exchange-sha1,"
++ "diffie-hellman-group1-sha1\n"
++ "HostKeyAlgorithms +ssh-rsa\n"
++ "CASignatureAlgorithms +ssh-rsa\n"
++#endif
+ # if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6)
+ "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
+ # else /* OPENSSH_VERSION 7.0 - 7.5 */
diff --git a/libssh-0.9.4-torture_fix_pid_range_check.patch b/libssh-0.9.4-torture_fix_pid_range_check.patch
deleted file mode 100644
index 17e10fe..0000000
--- a/libssh-0.9.4-torture_fix_pid_range_check.patch
+++ /dev/null
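Review bot: The guard `# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)` in the block added to tests/torture.c matches only the 8.x series, so on any later OpenSSH major version the re-enable lines silently drop out and the SHA-1 kex/hostkey paths the changelog says this patch exists to test would no longer be exercised, even though the comment above it describes the change as applying from 8.2 onward; `# if (OPENSSH_VERSION_MAJOR > 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2))` keeps the stated intent. The comment should also make explicit that this only loosens the sshd configuration generated for the test harness and not any installed default, e.g. `/* Test-only sshd config: re-enable the SHA-1 kex/hostkey/CA algorithms that OpenSSH 8.2+ disables by default so those code paths stay covered */`. As a point of style, the closing `#endif` lacks the `# endif /* ... */` spacing and trailing comment used by the neighbouring conditionals, and `deprecation*/` wants a space before `*/`. Unlike the format-patch file it replaces, this patch carries no From/Subject header or upstream commit reference, so it is not clear whether it was submitted upstream or is downstream-only. The torture.c function containing this string literal begins and ends outside the patch's hunk.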
@@ -1,46 +0,0 @@
-From b33dcda94d313913a877bc8db006ad02141bc695 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen
-Date: Wed, 11 Dec 2019 11:07:33 +0100
-Subject: [PATCH] torture: Accept whole pid_t range
-
-Signed-off-by: Jakub Jelen
-Reviewed-by: Andreas Schneider
-(cherry picked from commit d2a32ca6d3c40483a6d10340d3e11da9259e1379)
----
- tests/torture.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/tests/torture.c b/tests/torture.c
-index 360fd02a..907f45b3 100644
---- a/tests/torture.c
-+++ b/tests/torture.c
-@@ -196,6 +196,7 @@ torture_read_pidfile(const char *pidfile)
- {
- char buf[8] = {0};
- long int tmp;
-+ pid_t ret;
- ssize_t rc;
- int fd;
- 
-@@ -213,11 +214,16 @@ torture_read_pidfile(const char *pidfile)
- buf[sizeof(buf) - 1] = '\0';
- 
- tmp = strtol(buf, NULL, 10);
-- if (tmp == 0 || tmp > 0xFFFF || errno == ERANGE) {
-+ if (tmp == 0 || errno == ERANGE) {
-+ return -1;
-+ }
-+ ret = (pid_t)tmp;
-+ /* Check if we are out of pid_t range on this system */
-+ if ((long)ret != tmp) {
- return -1;
- }
- 
-- return (pid_t)(tmp & 0xFFFF);
-+ return ret;
- }
- 
- int torture_terminate_process(const char *pidfile)
---
-2.23.0
-
diff --git a/libssh.spec b/libssh.spec
index 85d3738..b371d90 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,6 +1,6 @@
 Name: libssh
-Version: 0.9.3
-Release: 2%{?dist}
+Version: 0.9.4
+Release: 1%{?dist}
 Summary: A library implementing the SSH protocol
 License: LGPLv2+
 URL: http://www.libssh.org
@@ -11,7 +11,7 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC
 Source3: libssh_client.config
 Source4: libssh_server.config
 
-Patch0: libssh-0.9.4-torture_fix_pid_range_check.patch
+Patch0: libssh-0.9.4-enable-sshd-sha1-algorithms.patch
 
 BuildRequires: cmake
 BuildRequires: gcc-c++
@@ -136,6 +136,14 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Thu Apr 09 2020 Anderson Sasaki - 0.9.4-1
+- Update to version 0.9.4
+ https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
+- Removed inclusion of OpenSSH server configuration file from
+ libssh_server.config
+- Added patch to re-enable algorithms using sha1 in sshd for testing
+- resolves: #1822529 - CVE-2020-1730
+
 * Wed Jan 29 2020 Fedora Release Engineering - 0.9.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
diff --git a/libssh_server.config b/libssh_server.config
index 279b5a3..d3ef5c2 100644
--- a/libssh_server.config
+++ b/libssh_server.config
@@ -1,4 +1,2 @@
 # Parse system-wide crypto configuration file
 Include /etc/crypto-policies/back-ends/libssh.config
-# Parse OpenSSH configuration file for consistency
-Include /etc/ssh/sshd_config