Revert "In rhel-7-server-extras now"

Unretirement for https://pagure.io/releng/issue/7846 This reverts commit 8d43372986.
2019-04-01 13:29:53 -04:00 · 2019-04-01 13:29:53 -04:00 · e323d99437
parent 8d43372986
commit e323d99437
5 changed files with 287 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,21 @@
+libssh-0.4.4.tar.gz
+libssh-0.4.4.tar.gz.asc
+/libssh-0.4.6.tar.gz
+/libssh-0.4.6.tar.gz.asc
+/libssh-0.4.8.tar.gz
+/libssh-0.4.8.tar.gz.asc
+/libssh-0.5.0.tar.gz
+/libssh-0.5.0.tar.gz.asc
+/libssh-0.5.2.tar.gz
+/libssh-0.5.2.tar.gz.asc
+/libssh-0.5.3.tar.gz
+/libssh-0.5.3.tar.asc
+/libssh-0.5.4.tar.gz
+/libssh-0.5.4.tar.asc
+/libssh-0.5.5.tar.gz
+/libssh-0.5.5.tar.asc
+/libssh-0.6.0.tar.xz
+/libssh-0.6.1.tar.xz
+/libssh-0.6.3.tar.xz
+/libssh-0.6.4.tar.gz
+/libssh-0.6.5.tar.xz
--- a/CVE-2016-0739-v0-6.patch
+++ b/CVE-2016-0739-v0-6.patch
@ -0,0 +1,70 @@
+From 1fd92622d87787d183099defb15a5e7bb4e2c875 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 9 Feb 2016 15:09:27 +0100
+Subject: [PATCH] dh: Fix CVE-2016-0739
+
+Due to a byte/bit confusion, the DH secret was too short. This file was
+completely reworked and will be commited in a future version.
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/dh.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/dh.c b/src/dh.c
+index 010a1dd..7a817e8 100644
+--- a/src/dh.c
+++ b/src/dh.c
+@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, bignum num) {
+ }
+ 
+ int dh_generate_x(ssh_session session) {
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+   session->next_crypto->x = bignum_new();
+   if (session->next_crypto->x == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->x, 128);
+  bignum_rand(session->next_crypto->x, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->x, 128, 0, -1);
+  bignum_rand(session->next_crypto->x, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) {
+ 
+ /* used by server */
+ int dh_generate_y(ssh_session session) {
+-    session->next_crypto->y = bignum_new();
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+  session->next_crypto->y = bignum_new();
+   if (session->next_crypto->y == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->y, 128);
+  bignum_rand(session->next_crypto->y, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->y, 128, 0, -1);
+  bignum_rand(session->next_crypto->y, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+-- 
+2.5.0
+
--- a/dead.package
+++ b/dead.package
@ -1 +0,0 @@
-In rhel-7-server-extras now
--- a/libssh.spec
+++ b/libssh.spec
@ -0,0 +1,195 @@
+Name:           libssh
+Version:        0.6.5
+Release:        2%{?dist}
+Summary:        A library implementing the SSH protocol
+License:        LGPLv2+
+URL:            http://www.libssh.org
+Group:          System Environment/Libraries
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+Source0:        https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz
+
+Patch0:         CVE-2016-0739-v0-6.patch
+
+BuildRequires:  cmake
+BuildRequires:  doxygen
+BuildRequires:  openssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  zlib-devel
+
+%description
+The ssh library was designed to be used by programmers needing a working SSH
+implementation by the mean of a library. The complete control of the client is
+made by the programmer. With libssh, you can remotely execute programs, transfer
+files, use a secure and transparent tunnel for your remote programs. With its
+Secure FTP implementation, you can play with remote files easily, without
+third-party programs others than libcrypto (from openssl).
+
+%package devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Requires:       pkgconfig
+Requires:       cmake
+
+%description devel
+The %{name}-devel package contains libraries and header files for developing
+applications that use %{name}.
+
+%prep
+%setup -q
+
+%patch0 -p1 -b .CVE-2016-0739-v0-6.patch
+
+# Remove examples, they are not packaged and do not build on EPEL 5
+sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
+rm -rf examples
+
+%build
+if test ! -e "obj"; then
+  mkdir obj
+fi
+pushd obj
+
+%cmake \
+    %{_builddir}/%{name}-%{version}
+make %{?_smp_mflags} VERBOSE=1
+make doc
+
+popd
+
+%install
+pushd obj
+make DESTDIR=%{buildroot} install
+popd
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%doc AUTHORS BSD ChangeLog COPYING README
+%{_libdir}/libssh.so.*
+%{_libdir}/libssh_threads.so.*
+
+%files devel
+%doc obj/doc/html
+%{_includedir}/libssh/callbacks.h
+%{_includedir}/libssh/legacy.h
+%{_includedir}/libssh/libssh.h
+%{_includedir}/libssh/libsshpp.hpp
+%{_includedir}/libssh/server.h
+%{_includedir}/libssh/sftp.h
+%{_includedir}/libssh/ssh2.h
+%dir  %{_libdir}/cmake/libssh
+%{_libdir}/cmake/libssh/libssh-config-version.cmake
+%{_libdir}/cmake/libssh/libssh-config.cmake
+%{_libdir}/pkgconfig/libssh.pc
+%{_libdir}/pkgconfig/libssh_threads.pc
+%{_libdir}/libssh.so
+%{_libdir}/libssh_threads.so
+
+%changelog
+* Thu Feb 25 2016 Andreas Schneider <asn@redhat.com> - 0.6.5-2
+- resolves: #1311259 - Fix CVE-2016-0739
+
+* Thu Apr 30 2015 Andreas Schneider <asn@redhat.com> - 0.6.5-1
+- resolves: #1213775 - Security fix for CVE-2015-3146
+- resolves: #1218077 - Security fix for CVE-2015-3146
+
+* Fri Dec 19 2014 - Andreas Schneider <asn@redhat.com> - 0.6.4-1
+- Security fix for CVE-2014-8132.
+
+* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 0.6.3-1
+- Fix CVE-2014-0017.
+
+* Mon Feb 10 2014 - Andreas Schneider <asn@redhat.com> - 0.6.1-1
+- Update to version 0.6.1.
+- resolves: #1056757 - Fix scp mode.
+- resolves: #1053305 - Fix known_hosts heuristic.
+
+* Wed Jan 08 2014 - Andreas Schneider <asn@redhat.com> - 0.6.0-1
+- Update to 0.6.0
+
+* Fri Jul 26 2013 - Andreas Schneider <asn@redhat.com> - 0.5.5-1
+- Update to 0.5.5.
+- Clenup the spec file.
+
+* Thu Jul 18 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-5
+- Add EPEL 5 support.
+- Add Debian patches to enable Doxygen documentation.
+
+* Tue Jul 16 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-4
+- Add patch for #982685.
+
+* Mon Jun 10 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-3
+- Clean up SPEC file and fix rpmlint complaints.
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 23 2013 Petr Lautrbach <plautrba@redhat.com> 0.5.4-1
+- update to security 0.5.4 release
+- CVE-2013-0176 (#894407)
+
+* Tue Nov 20 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.3-1
+- update to security 0.5.3 release (#878465)
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Feb 02 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.2-1
+- update to 0.5.2 version (#730270)
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Jun  1 2011 Jan F. Chadima <jchadima@redhat.com> - 0.5.0-1
+- bounce versionn to 0.5.0 (#709785)
+- the support for protocol v1 is disabled
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 19 2011 Jan F. Chadima <jchadima@redhat.com> - 0.4.8-1
+- bounce versionn to 0.4.8 (#670456)
+
+* Mon Sep  6 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.6-1
+- bounce versionn to 0.4.6 (#630602)
+
+* Thu Jun  3 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.4-1
+- bounce versionn to 0.4.4 (#598592)
+
+* Wed May 19 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.3-1
+- bounce versionn to 0.4.3 (#593288)
+
+* Tue Mar 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.2-1
+- bounce versionn to 0.4.2 (#573972)
+
+* Tue Feb 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.1-1
+- bounce versionn to 0.4.1 (#565870)
+
+* Fri Dec 11 2009 Jan F. Chadima <jchadima@redhat.com> - 0.4.0-1
+- bounce versionn to 0.4.0 (#541010)
+
+* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-2
+- typo in spec file
+
+* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-1
+- bounce versionn to 0.3.92 (0.4 beta2) (#541010)
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.2-4
+- rebuilt with new openssl
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jun 02 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-2
+- Small changes during review
+
+* Mon Jun 01 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-1
+- Initial build
+
--- a/1
+++ b/1
@ -0,0 +1 @@
+fdf107011ae1847d86620b39ae37d4f3  libssh-0.6.5.tar.xz
				`@ -0,0 +1 @@`
				`fdf107011ae1847d86620b39ae37d4f3 libssh-0.6.5.tar.xz`