Add libssh 0.7.1-7 from RHEL/CentOS 7 to EPEL 7 (limited arch pkg)
Package got part of rhel-7-{server,workstation}-extras-rpms repo, however only for x86_64, but not for aarch64, ppc64 and ppc64le.
This commit is contained in:
parent
e323d99437
commit
dc7c7413c0
|
@ -1,21 +1 @@
|
|||
libssh-0.4.4.tar.gz
|
||||
libssh-0.4.4.tar.gz.asc
|
||||
/libssh-0.4.6.tar.gz
|
||||
/libssh-0.4.6.tar.gz.asc
|
||||
/libssh-0.4.8.tar.gz
|
||||
/libssh-0.4.8.tar.gz.asc
|
||||
/libssh-0.5.0.tar.gz
|
||||
/libssh-0.5.0.tar.gz.asc
|
||||
/libssh-0.5.2.tar.gz
|
||||
/libssh-0.5.2.tar.gz.asc
|
||||
/libssh-0.5.3.tar.gz
|
||||
/libssh-0.5.3.tar.asc
|
||||
/libssh-0.5.4.tar.gz
|
||||
/libssh-0.5.4.tar.asc
|
||||
/libssh-0.5.5.tar.gz
|
||||
/libssh-0.5.5.tar.asc
|
||||
/libssh-0.6.0.tar.xz
|
||||
/libssh-0.6.1.tar.xz
|
||||
/libssh-0.6.3.tar.xz
|
||||
/libssh-0.6.4.tar.gz
|
||||
/libssh-0.6.5.tar.xz
|
||||
/libssh-*.tar.xz
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
--- a/libssh-0.7.2-fix_agent_bigendian.patch
|
||||
+++ a/libssh-0.7.2-fix_agent_bigendian.patch
|
||||
@@ -0,0 +1,105 @@
|
||||
+From 0425ac9ad0f8f1cefa12b448d31a400ced3e89b9 Mon Sep 17 00:00:00 2001
|
||||
+From: Andreas Schneider <asn@cryptomilk.org>
|
||||
+Date: Wed, 14 Oct 2015 20:45:49 +0200
|
||||
+Subject: [PATCH] agent: Fix agent auth on big endian machines
|
||||
+
|
||||
+BUG: https://red.libssh.org/issues/204
|
||||
+
|
||||
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
+---
|
||||
+ ConfigureChecks.cmake | 1 +
|
||||
+ include/libssh/priv.h | 10 ++++++++++
|
||||
+ src/agent.c | 17 +++++++++++++----
|
||||
+ 3 files changed, 24 insertions(+), 4 deletions(-)
|
||||
+
|
||||
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
|
||||
+index c0326c2..3587b07 100644
|
||||
+--- a/ConfigureChecks.cmake
|
||||
++++ b/ConfigureChecks.cmake
|
||||
+@@ -56,6 +56,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H)
|
||||
+ check_include_file(sys/time.h HAVE_SYS_TIME_H)
|
||||
+ check_include_file(sys/param.h HAVE_SYS_PARAM_H)
|
||||
+ check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
|
||||
++check_include_file(byteswap.h HAVE_BYTESWAP_H)
|
||||
+
|
||||
+ if (WIN32)
|
||||
+ check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
|
||||
+diff --git a/include/libssh/priv.h b/include/libssh/priv.h
|
||||
+index 95a22c6..b7a80fe 100644
|
||||
+--- a/include/libssh/priv.h
|
||||
++++ b/include/libssh/priv.h
|
||||
+@@ -43,6 +43,16 @@
|
||||
+ # endif
|
||||
+ #endif /* !defined(HAVE_STRTOULL) */
|
||||
+
|
||||
++#ifdef HAVE_BYTESWAP_H
|
||||
++#include <byteswap.h>
|
||||
++#endif
|
||||
++
|
||||
++#ifndef bswap_32
|
||||
++#define bswap_32(x) \
|
||||
++ ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
|
||||
++ (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
|
||||
++#endif
|
||||
++
|
||||
+ #ifdef _WIN32
|
||||
+
|
||||
+ /* Imitate define of inttypes.h */
|
||||
+diff --git a/src/agent.c b/src/agent.c
|
||||
+index 922d753..e520773 100644
|
||||
+--- a/src/agent.c
|
||||
++++ b/src/agent.c
|
||||
+@@ -382,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
|
||||
+ ssh_buffer_free(reply);
|
||||
+ return -1;
|
||||
+ }
|
||||
++#ifdef WORDS_BIGENDIAN
|
||||
++ type = bswap_32(type);
|
||||
++#endif
|
||||
+
|
||||
+ SSH_LOG(SSH_LOG_WARN,
|
||||
+ "Answer type: %d, expected answer: %d",
|
||||
+@@ -392,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
|
||||
+ return 0;
|
||||
+ } else if (type != c2) {
|
||||
+ ssh_set_error(session, SSH_FATAL,
|
||||
+- "Bad authentication reply message type: %d", type);
|
||||
++ "Bad authentication reply message type: %u", type);
|
||||
+ ssh_buffer_free(reply);
|
||||
+ return -1;
|
||||
+ }
|
||||
+@@ -507,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
|
||||
+ ssh_buffer reply;
|
||||
+ ssh_string key_blob;
|
||||
+ ssh_string sig_blob;
|
||||
+- int type = SSH2_AGENT_FAILURE;
|
||||
+- int flags = 0;
|
||||
++ unsigned int type = 0;
|
||||
++ unsigned int flags = 0;
|
||||
+ uint32_t dlen;
|
||||
+ int rc;
|
||||
+
|
||||
+@@ -572,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
|
||||
+ ssh_buffer_free(reply);
|
||||
+ return NULL;
|
||||
+ }
|
||||
++#ifdef WORDS_BIGENDIAN
|
||||
++ type = bswap_32(type);
|
||||
++#endif
|
||||
+
|
||||
+ if (agent_failed(type)) {
|
||||
+ SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
|
||||
+ ssh_buffer_free(reply);
|
||||
+ return NULL;
|
||||
+ } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
|
||||
+- ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type);
|
||||
++ ssh_set_error(session,
|
||||
++ SSH_FATAL,
|
||||
++ "Bad authentication response: %u",
|
||||
++ type);
|
||||
+ ssh_buffer_free(reply);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+--
|
||||
+2.5.0
|
||||
+
|
||||
|
|
@ -1,22 +1,19 @@
|
|||
From 1fd92622d87787d183099defb15a5e7bb4e2c875 Mon Sep 17 00:00:00 2001
|
||||
From dc2eaa017fe77e53bd9f1d4327a480d9bfe6cc6a Mon Sep 17 00:00:00 2001
|
||||
From: Aris Adamantiadis <aris@0xbadc0de.be>
|
||||
Date: Tue, 9 Feb 2016 15:09:27 +0100
|
||||
Subject: [PATCH] dh: Fix CVE-2016-0739
|
||||
Subject: [PATCH] dh: fix CVE-2016-0739
|
||||
|
||||
Due to a byte/bit confusion, the DH secret was too short. This file was
|
||||
completely reworked and will be commited in a future version.
|
||||
|
||||
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/dh.c | 22 +++++++++++++++++-----
|
||||
1 file changed, 17 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/dh.c b/src/dh.c
|
||||
index 010a1dd..7a817e8 100644
|
||||
index e489a1d..d27b66e 100644
|
||||
--- a/src/dh.c
|
||||
+++ b/src/dh.c
|
||||
@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, bignum num) {
|
||||
@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
|
||||
}
|
||||
|
||||
int dh_generate_x(ssh_session session) {
|
||||
|
@ -40,7 +37,7 @@ index 010a1dd..7a817e8 100644
|
|||
#endif
|
||||
|
||||
/* not harder than this */
|
||||
@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) {
|
||||
@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
|
||||
|
||||
/* used by server */
|
||||
int dh_generate_y(ssh_session session) {
|
||||
|
@ -66,5 +63,6 @@ index 010a1dd..7a817e8 100644
|
|||
|
||||
/* not harder than this */
|
||||
--
|
||||
2.5.0
|
||||
2.7.1
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,363 @@
|
|||
From f3f140e65f0e58fc37b04dbe4173d6ecda0127ac Mon Sep 17 00:00:00 2001
|
||||
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
||||
Date: Thu, 9 Aug 2018 11:00:00 +0200
|
||||
Subject: dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash()
|
||||
|
||||
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 1499b38aef17beac8b438522535daf428600d529)
|
||||
---
|
||||
include/libssh/libssh.h | 3 ++-
|
||||
src/dh.c | 23 +++++++++++++++++++++++
|
||||
2 files changed, 25 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
||||
index 37214898..320dc032 100644
|
||||
--- a/include/libssh/libssh.h
|
||||
+++ b/include/libssh/libssh.h
|
||||
@@ -444,7 +444,8 @@ LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
|
||||
|
||||
enum ssh_publickey_hash_type {
|
||||
SSH_PUBLICKEY_HASH_SHA1,
|
||||
- SSH_PUBLICKEY_HASH_MD5
|
||||
+ SSH_PUBLICKEY_HASH_MD5,
|
||||
+ SSH_PUBLICKEY_HASH_SHA256
|
||||
};
|
||||
LIBSSH_API int ssh_get_publickey_hash(const ssh_key key,
|
||||
enum ssh_publickey_hash_type type,
|
||||
diff --git a/src/dh.c b/src/dh.c
|
||||
index d27b66eb..bf1ade8b 100644
|
||||
--- a/src/dh.c
|
||||
+++ b/src/dh.c
|
||||
@@ -1039,6 +1039,29 @@ int ssh_get_publickey_hash(const ssh_key key,
|
||||
*hlen = SHA_DIGEST_LEN;
|
||||
}
|
||||
break;
|
||||
+ case SSH_PUBLICKEY_HASH_SHA256:
|
||||
+ {
|
||||
+ SHA256CTX ctx;
|
||||
+
|
||||
+ h = malloc(SHA256_DIGEST_LEN);
|
||||
+ if (h == NULL) {
|
||||
+ rc = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ ctx = sha256_init();
|
||||
+ if (ctx == NULL) {
|
||||
+ free(h);
|
||||
+ rc = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
|
||||
+ sha256_final(h, ctx);
|
||||
+
|
||||
+ *hlen = SHA256_DIGEST_LEN;
|
||||
+ }
|
||||
+ break;
|
||||
case SSH_PUBLICKEY_HASH_MD5:
|
||||
{
|
||||
MD5CTX ctx;
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
||||
From 9c62d6dfcd798d28895f5dd1b76a28524bcf18d3 Mon Sep 17 00:00:00 2001
|
||||
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
||||
Date: Thu, 9 Aug 2018 11:00:00 +0200
|
||||
Subject: dh: Add ssh_print_hash() function which can deal with sha256
|
||||
|
||||
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit f32cb706752d8dc35ad53a64f51e432cc0bc41cd)
|
||||
---
|
||||
include/libssh/libssh.h | 1 +
|
||||
src/dh.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 81 insertions(+)
|
||||
|
||||
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
||||
index 320dc032..f6cce1e4 100644
|
||||
--- a/include/libssh/libssh.h
|
||||
+++ b/include/libssh/libssh.h
|
||||
@@ -564,6 +564,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
|
||||
|
||||
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
|
||||
|
||||
+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
|
||||
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
|
||||
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
|
||||
LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
|
||||
diff --git a/src/dh.c b/src/dh.c
|
||||
index bf1ade8b..66a0e704 100644
|
||||
--- a/src/dh.c
|
||||
+++ b/src/dh.c
|
||||
@@ -1097,6 +1097,38 @@ out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * @internal
|
||||
+ *
|
||||
+ * @brief Convert a buffer into an unpadded base64 string.
|
||||
+ * The caller has to free the memory.
|
||||
+ *
|
||||
+ * @param hash What should be converted to a base64 string.
|
||||
+ *
|
||||
+ * @param len Length of the buffer to convert.
|
||||
+ *
|
||||
+ * @return The base64 string or NULL on error.
|
||||
+ *
|
||||
+ * @see ssh_string_free_char()
|
||||
+ */
|
||||
+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len)
|
||||
+{
|
||||
+ char *b64_padded = NULL;
|
||||
+ char *b64_unpadded = NULL;
|
||||
+ size_t k;
|
||||
+
|
||||
+ b64_padded = (char *)bin_to_base64(hash, (int)len);
|
||||
+ if (b64_padded == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);
|
||||
+
|
||||
+ b64_unpadded = strndup(b64_padded, k);
|
||||
+ SAFE_FREE(b64_padded);
|
||||
+
|
||||
+ return b64_unpadded;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* @brief Convert a buffer into a colon separated hex string.
|
||||
* The caller has to free the memory.
|
||||
@@ -1134,6 +1166,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
|
||||
return hexa;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * @brief Print a hash as a human-readable hex- or base64-string.
|
||||
+ *
|
||||
+ * This function prints hex strings if the given hash is a md5 sum.
|
||||
+ * But prints unpadded base64 strings for sha sums.
|
||||
+ * Either way, the output is prepended by the hash-type.
|
||||
+ *
|
||||
+ * @param type Which sort of hash is given.
|
||||
+ *
|
||||
+ * @param hash What should be converted to a base64 string.
|
||||
+ *
|
||||
+ * @param len Length of the buffer to convert.
|
||||
+ */
|
||||
+void ssh_print_hash(enum ssh_publickey_hash_type type,
|
||||
+ unsigned char *hash,
|
||||
+ size_t len) {
|
||||
+ const char *prefix = "UNKNOWN";
|
||||
+ char *fingerprint = NULL;
|
||||
+
|
||||
+ switch (type) {
|
||||
+ case SSH_PUBLICKEY_HASH_SHA1:
|
||||
+ case SSH_PUBLICKEY_HASH_SHA256:
|
||||
+ fingerprint = ssh_get_b64_unpadded(hash, len);
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_MD5:
|
||||
+ fingerprint = ssh_get_hexa(hash, len);
|
||||
+ break;
|
||||
+ }
|
||||
+ if (fingerprint == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ switch (type) {
|
||||
+ case SSH_PUBLICKEY_HASH_MD5:
|
||||
+ prefix = "MD5";
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_SHA1:
|
||||
+ prefix = "SHA1";
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_SHA256:
|
||||
+ prefix = "SHA256";
|
||||
+ break;
|
||||
+ }
|
||||
+ fprintf(stderr, "%s:%s\n", prefix, fingerprint);
|
||||
+
|
||||
+ SAFE_FREE(fingerprint);
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* @brief Print a buffer as colon separated hex string.
|
||||
*
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
||||
From 7a7c0a54bc24391fcff0aaccd983de621cb3e60d Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Sun, 2 Sep 2018 15:45:41 +0200
|
||||
Subject: dh: Add ssh_get_fingerprint_hash()
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit bbed139ecab26cb46b0bb3a21fa4cd2a4f12dadd)
|
||||
---
|
||||
include/libssh/libssh.h | 3 ++
|
||||
src/dh.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 76 insertions(+)
|
||||
|
||||
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
||||
index f6cce1e4..7f59abe4 100644
|
||||
--- a/include/libssh/libssh.h
|
||||
+++ b/include/libssh/libssh.h
|
||||
@@ -564,6 +564,9 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
|
||||
|
||||
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
|
||||
|
||||
+LIBSSH_API char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
||||
+ unsigned char *hash,
|
||||
+ size_t len);
|
||||
LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
|
||||
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
|
||||
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
|
||||
diff --git a/src/dh.c b/src/dh.c
|
||||
index 66a0e704..38298b2d 100644
|
||||
--- a/src/dh.c
|
||||
+++ b/src/dh.c
|
||||
@@ -1166,6 +1166,79 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
|
||||
return hexa;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * @brief Get a hash as a human-readable hex- or base64-string.
|
||||
+ *
|
||||
+ * This gets an allocated fingerprint hash. It is a hex strings if the given
|
||||
+ * hash is a md5 sum. If it is a SHA sum, it will return an unpadded base64
|
||||
+ * strings. Either way, the output is prepended by the hash-type.
|
||||
+ *
|
||||
+ * @param type Which sort of hash is given.
|
||||
+ *
|
||||
+ * @param hash What should be converted to a base64 string.
|
||||
+ *
|
||||
+ * @param len Length of the buffer to convert.
|
||||
+ *
|
||||
+ * @return Returns the allocated fingerprint hash or NULL on error.
|
||||
+ *
|
||||
+ * @see ssh_string_free_char()
|
||||
+ */
|
||||
+char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
||||
+ unsigned char *hash,
|
||||
+ size_t len)
|
||||
+{
|
||||
+ const char *prefix = "UNKNOWN";
|
||||
+ char *fingerprint = NULL;
|
||||
+ char *str = NULL;
|
||||
+ size_t str_len;
|
||||
+ int rc;
|
||||
+
|
||||
+ switch (type) {
|
||||
+ case SSH_PUBLICKEY_HASH_SHA1:
|
||||
+ case SSH_PUBLICKEY_HASH_SHA256:
|
||||
+ fingerprint = ssh_get_b64_unpadded(hash, len);
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_MD5:
|
||||
+ fingerprint = ssh_get_hexa(hash, len);
|
||||
+ break;
|
||||
+ }
|
||||
+ if (fingerprint == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ switch (type) {
|
||||
+ case SSH_PUBLICKEY_HASH_MD5:
|
||||
+ prefix = "MD5";
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_SHA1:
|
||||
+ prefix = "SHA1";
|
||||
+ break;
|
||||
+ case SSH_PUBLICKEY_HASH_SHA256:
|
||||
+ prefix = "SHA256";
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ str_len = strlen(prefix);
|
||||
+ if (str_len + 1 + strlen(fingerprint) + 1 < str_len) {
|
||||
+ SAFE_FREE(fingerprint);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ str_len += 1 + strlen(fingerprint) + 1;
|
||||
+
|
||||
+ str = malloc(str_len);
|
||||
+ if (str == NULL) {
|
||||
+ SAFE_FREE(fingerprint);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ rc = snprintf(str, str_len, "%s:%s", prefix, fingerprint);
|
||||
+ SAFE_FREE(fingerprint);
|
||||
+ if (rc < 0 || rc < (int)(str_len - 1)) {
|
||||
+ SAFE_FREE(str);
|
||||
+ }
|
||||
+
|
||||
+ return str;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* @brief Print a hash as a human-readable hex- or base64-string.
|
||||
*
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
||||
From e765c1400a724cc5009fd03395ef54b28de9c296 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Sun, 2 Sep 2018 15:47:41 +0200
|
||||
Subject: dh: Use ssh_get_fingerprint_hash() in ssh_print_hash()
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
(cherry picked from commit 92aa2cf4963b714d0f30d4fb0f9e609200224f7a)
|
||||
---
|
||||
src/dh.c | 29 ++++++-----------------------
|
||||
1 file changed, 6 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/dh.c b/src/dh.c
|
||||
index 38298b2d..d7182798 100644
|
||||
--- a/src/dh.c
|
||||
+++ b/src/dh.c
|
||||
@@ -1254,35 +1254,18 @@ char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
||||
*/
|
||||
void ssh_print_hash(enum ssh_publickey_hash_type type,
|
||||
unsigned char *hash,
|
||||
- size_t len) {
|
||||
- const char *prefix = "UNKNOWN";
|
||||
+ size_t len)
|
||||
+{
|
||||
char *fingerprint = NULL;
|
||||
|
||||
- switch (type) {
|
||||
- case SSH_PUBLICKEY_HASH_SHA1:
|
||||
- case SSH_PUBLICKEY_HASH_SHA256:
|
||||
- fingerprint = ssh_get_b64_unpadded(hash, len);
|
||||
- break;
|
||||
- case SSH_PUBLICKEY_HASH_MD5:
|
||||
- fingerprint = ssh_get_hexa(hash, len);
|
||||
- break;
|
||||
- }
|
||||
+ fingerprint = ssh_get_fingerprint_hash(type,
|
||||
+ hash,
|
||||
+ len);
|
||||
if (fingerprint == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
- switch (type) {
|
||||
- case SSH_PUBLICKEY_HASH_MD5:
|
||||
- prefix = "MD5";
|
||||
- break;
|
||||
- case SSH_PUBLICKEY_HASH_SHA1:
|
||||
- prefix = "SHA1";
|
||||
- break;
|
||||
- case SSH_PUBLICKEY_HASH_SHA256:
|
||||
- prefix = "SHA256";
|
||||
- break;
|
||||
- }
|
||||
- fprintf(stderr, "%s:%s\n", prefix, fingerprint);
|
||||
+ fprintf(stderr, "%s\n", fingerprint);
|
||||
|
||||
SAFE_FREE(fingerprint);
|
||||
}
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From 4ea46eecce9f4e676150fe27fec34e1570b70ace Mon Sep 17 00:00:00 2001
|
||||
From: Meng Tan <mtan@wallix.com>
|
||||
Date: Wed, 17 Oct 2018 14:50:08 +0200
|
||||
Subject: server: Set correct state after sending INFO_REQUEST (Kbd
|
||||
Interactive)
|
||||
|
||||
Signed-off-by: Meng Tan <mtan@wallix.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/server.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index e14636ec..84cc4f7a 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -1039,6 +1039,7 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
|
||||
msg->session->kbdint->prompts = NULL;
|
||||
msg->session->kbdint->echo = NULL;
|
||||
}
|
||||
+ msg->session->auth_state = SSH_AUTH_STATE_INFO;
|
||||
|
||||
return rc;
|
||||
}
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
65
libssh.spec
65
libssh.spec
|
@ -1,15 +1,21 @@
|
|||
%define _hardened_build 1
|
||||
|
||||
Name: libssh
|
||||
Version: 0.6.5
|
||||
Release: 2%{?dist}
|
||||
Version: 0.7.1
|
||||
Release: 0.7%{?dist}
|
||||
Summary: A library implementing the SSH protocol
|
||||
License: LGPLv2+
|
||||
URL: http://www.libssh.org
|
||||
Group: System Environment/Libraries
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
Source0: https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz
|
||||
Source0: https://red.libssh.org/attachments/download/154/libssh-0.7.1.tar.xz
|
||||
|
||||
Patch0: CVE-2016-0739-v0-6.patch
|
||||
Patch1: libssh-CVE-2016-0739.patch
|
||||
Patch2: libssh-0.7.1-fix_agent_bigendian.patch
|
||||
Patch3: libssh-CVE-2018-10933.patch
|
||||
Patch4: libssh-SHA256.patch
|
||||
Patch5: libssh-fix-kbdint.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: doxygen
|
||||
|
@ -38,12 +44,16 @@ applications that use %{name}.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%patch0 -p1 -b .CVE-2016-0739-v0-6.patch
|
||||
%patch1 -p1
|
||||
%patch2 -p1 -b .libssh-0.7.2-fix_agent_bigendian.patch
|
||||
%patch3 -p1 -b .libssh-CVE-2018-10933.patch
|
||||
%patch4 -p1 -b .libssh-SHA256.patch
|
||||
%patch5 -p1 -b .libssh-fix-kbdint.patch
|
||||
|
||||
# Remove examples, they are not packaged and do not build on EPEL 5
|
||||
sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
|
||||
rm -rf examples
|
||||
sed -i -e 's| -pedantic-errors||g' cmake/Modules/DefineCompilerFlags.cmake
|
||||
|
||||
%build
|
||||
if test ! -e "obj"; then
|
||||
|
@ -53,7 +63,7 @@ pushd obj
|
|||
|
||||
%cmake \
|
||||
%{_builddir}/%{name}-%{version}
|
||||
make %{?_smp_mflags} VERBOSE=1
|
||||
make %{?_smp_mflags} VERBOSE=1 CFLAGS="-no-pedantic-errors"
|
||||
make doc
|
||||
|
||||
popd
|
||||
|
@ -93,14 +103,43 @@ rm -rf %{buildroot}
|
|||
%{_libdir}/libssh_threads.so
|
||||
|
||||
%changelog
|
||||
* Thu Feb 25 2016 Andreas Schneider <asn@redhat.com> - 0.6.5-2
|
||||
- resolves: #1311259 - Fix CVE-2016-0739
|
||||
* Mon Apr 01 2019 Robert Scheck <robert@fedoraproject.org> - 0.7.1-0.7
|
||||
- Add libssh 0.7.1-7 from RHEL/CentOS 7 to EPEL 7 (limited arch pkg)
|
||||
|
||||
* Thu Apr 30 2015 Andreas Schneider <asn@redhat.com> - 0.6.5-1
|
||||
- resolves: #1213775 - Security fix for CVE-2015-3146
|
||||
- resolves: #1218077 - Security fix for CVE-2015-3146
|
||||
* Sun Oct 28 2018 Martin Pitt <mpitt@redhat.com> - 0.7.1-7
|
||||
- resolves: #1637182 - Add SHA256 fingerprint support
|
||||
- Fix regression with keyboard interactive authentication introduced in
|
||||
previous update
|
||||
|
||||
* Fri Dec 19 2014 - Andreas Schneider <asn@redhat.com> - 0.6.4-1
|
||||
* Tue Oct 09 2018 Andreas Schneider <asn@redhat.com> - 0.7.1-6
|
||||
- resolves: #1637257 - Fix CVE-2018-10933
|
||||
|
||||
* Thu May 03 2018 - Lokesh Mandvekar <lsm5@redhat.com> - 0.7.1-5
|
||||
- correct bogus date annoyance
|
||||
|
||||
* Thu May 03 2018 - Lokesh Mandvekar <lsm5@redhat.com> - 0.7.1-4
|
||||
- Resolves: #1574670 - bump release tag to have build shipped to
|
||||
client/workstation repos
|
||||
|
||||
* Wed Mar 22 2017 - Dominik Perpeet <dperpeet@redhat.com> - 0.7.1-3
|
||||
- Fix agent auth on big endian machines
|
||||
|
||||
* Mon Feb 22 2016 - Stef Walter <stefw@redhat.com> - 0.7.1-2
|
||||
- Security fix for CVE-2016-0739 rhbz#1305971
|
||||
|
||||
* Mon Jul 06 2015 - Stef Walter <stefw@redhat.com> - 0.7.1-1
|
||||
- Updated to 0.7.1 release rhbz#1239085
|
||||
|
||||
* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-4
|
||||
- Updated patch for CVE-2015-3146
|
||||
|
||||
* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-3
|
||||
- Enable _hardened_build
|
||||
|
||||
* Tue Apr 21 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-2
|
||||
- Security fix for CVE-2015-3145.
|
||||
|
||||
* Wed Apr 01 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-1
|
||||
- Security fix for CVE-2014-8132.
|
||||
|
||||
* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 0.6.3-1
|
||||
|
|
Loading…
Reference in New Issue