Update to 1.8.1
- New upstream release 1.8.1 - Fixed possible integer overflow when reading a specially crafted packet (CVE-2019-3855) - Fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings (CVE-2019-3863) - Fixed possible integer overflow if the server sent an extremely large number of keyboard prompts (CVE-2019-3856) - Fixed possible out of bounds read when processing a specially crafted packet (CVE-2019-3861) - Fixed possible integer overflow when receiving a specially crafted exit signal message channel packet (CVE-2019-3857) - Fixed possible out of bounds read when receiving a specially crafted exit status message channel packet (CVE-2019-3862) - Fixed possible zero byte allocation when reading a specially crafted SFTP packet (CVE-2019-3858) - Fixed possible out of bounds reads when processing specially crafted SFTP packets (CVE-2019-3860) - Fixed possible out of bounds reads in _libssh2_packet_require(v) (CVE-2019-3859) - Fix mis-applied patch in the fix of CVE-2019-3859 - https://github.com/libssh2/libssh2/issues/325 - https://github.com/libssh2/libssh2/pull/327
parent
ab0e53ac52
commit
7dfb17d3cb
|
@ -0,0 +1,50 @@
|
|||
From 74ecd0e10ced2237f32d273784ef8eaf553b9c30 Mon Sep 17 00:00:00 2001
|
||||
From: Will Cosgrove <will@panic.com>
|
||||
Date: Mon, 18 Mar 2019 17:36:04 -0700
|
||||
Subject: [PATCH] Fixed misapplied patch
|
||||
|
||||
Fixes for user auth
|
||||
---
|
||||
src/userauth.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/userauth.c b/src/userauth.c
|
||||
index ed804629..c02d81d0 100644
|
||||
--- a/src/userauth.c
|
||||
+++ b/src/userauth.c
|
||||
@@ -107,7 +107,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
|
||||
LIBSSH2_FREE(session, session->userauth_list_data);
|
||||
session->userauth_list_data = NULL;
|
||||
|
||||
- if (rc || (session->userauth_list_data_len < 1)) {
|
||||
+ if (rc) {
|
||||
_libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
|
||||
"Unable to send userauth-none request");
|
||||
session->userauth_list_state = libssh2_NB_state_idle;
|
||||
@@ -127,7 +127,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
|
||||
_libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
|
||||
"Would block requesting userauth list");
|
||||
return NULL;
|
||||
- } else if (rc) {
|
||||
+ } else if (rc || (session->userauth_list_data_len < 1)) {
|
||||
_libssh2_error(session, rc, "Failed getting response");
|
||||
session->userauth_list_state = libssh2_NB_state_idle;
|
||||
return NULL;
|
||||
@@ -1172,7 +1172,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
|
||||
NULL, 0);
|
||||
if (rc == LIBSSH2_ERROR_EAGAIN)
|
||||
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
|
||||
- else if (rc || (session->userauth_pblc_data_len < 1)) {
|
||||
+ else if (rc) {
|
||||
LIBSSH2_FREE(session, session->userauth_pblc_packet);
|
||||
session->userauth_pblc_packet = NULL;
|
||||
LIBSSH2_FREE(session, session->userauth_pblc_method);
|
||||
@@ -1195,7 +1195,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
|
||||
if (rc == LIBSSH2_ERROR_EAGAIN) {
|
||||
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
|
||||
}
|
||||
- else if (rc) {
|
||||
+ else if (rc || (session->userauth_pblc_data_len < 1)) {
|
||||
LIBSSH2_FREE(session, session->userauth_pblc_packet);
|
||||
session->userauth_pblc_packet = NULL;
|
||||
LIBSSH2_FREE(session, session->userauth_pblc_method);
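Review bot: In the second `userauth_list` hunk the relocated length test shares its branch with the `rc` test, so a reply with `rc == 0` but `userauth_list_data_len < 1` is reported through `_libssh2_error(session, rc, "Failed getting response")` with an error code of 0. The function still returns NULL there, but a caller that then reads the session's last error would presumably see no failure code. Passing a real code for the short-reply case would avoid that, e.g. `_libssh2_error(session, rc ? rc : LIBSSH2_ERROR_PROTO, "Failed getting response");`. The call that sets `rc` and the rest of both function bodies lie outside the hunks, so this should be confirmed against the full file; the matching branch in the fourth hunk (`_libssh2_userauth_publickey`) is cut off before its return and may need the same look.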
|
34
libssh2.spec
34
libssh2.spec
|
@ -1,11 +1,12 @@
|
|||
Name: libssh2
|
||||
Version: 1.8.0
|
||||
Release: 10%{?dist}
|
||||
Version: 1.8.1
|
||||
Release: 1%{?dist}
|
||||
Summary: A library implementing the SSH2 protocol
|
||||
License: BSD
|
||||
URL: http://www.libssh2.org/
|
||||
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||
Patch1: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
|
||||
Patch2: https://github.com/libssh2/libssh2/commit/74ecd0e1.patch
|
||||
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: findutils
|
||||
|
@ -62,6 +63,11 @@ developing applications that use libssh2.
|
|||
# https://github.com/libssh2/libssh2/pull/208
|
||||
%patch1 -p1
|
||||
|
||||
# userauth: fix mis-applied patch in the fix of CVE-2019-3859
|
||||
# https://github.com/libssh2/libssh2/issues/325
|
||||
# https://github.com/libssh2/libssh2/pull/327
|
||||
%patch2 -p1
|
||||
|
||||
# Replace hard wired port number in the test suite to avoid collisions
|
||||
# between 32-bit and 64-bit builds running on a single build-host
|
||||
sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
|
||||
|
@ -131,6 +137,30 @@ LC_ALL=en_US.UTF-8 make -C tests check
|
|||
%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
%changelog
|
||||
* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1
|
||||
- Update to 1.8.1
|
||||
- Fixed possible integer overflow when reading a specially crafted packet
|
||||
(CVE-2019-3855)
|
||||
- Fixed possible integer overflow in userauth_keyboard_interactive with a
|
||||
number of extremely long prompt strings (CVE-2019-3863)
|
||||
- Fixed possible integer overflow if the server sent an extremely large
|
||||
number of keyboard prompts (CVE-2019-3856)
|
||||
- Fixed possible out of bounds read when processing a specially crafted
|
||||
packet (CVE-2019-3861)
|
||||
- Fixed possible integer overflow when receiving a specially crafted exit
|
||||
signal message channel packet (CVE-2019-3857)
|
||||
- Fixed possible out of bounds read when receiving a specially crafted exit
|
||||
status message channel packet (CVE-2019-3862)
|
||||
- Fixed possible zero byte allocation when reading a specially crafted SFTP
|
||||
packet (CVE-2019-3858)
|
||||
- Fixed possible out of bounds reads when processing specially crafted SFTP
|
||||
packets (CVE-2019-3860)
|
||||
- Fixed possible out of bounds reads in _libssh2_packet_require(v)
|
||||
(CVE-2019-3859)
|
||||
- Fix mis-applied patch in the fix of CVE-2019-3859
|
||||
- https://github.com/libssh2/libssh2/issues/325
|
||||
- https://github.com/libssh2/libssh2/pull/327
|
||||
|
||||
* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10
|
||||
- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
|
||||
locale settings in mock builders
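Review bot: The new `Patch2` line identifies the upstream fix only by an eight-character hash prefix, which the forge resolves at fetch time and which can become ambiguous as the repository grows. The full commit id is already in the patch's own `From` line, so the URL can be `https://github.com/libssh2/libssh2/commit/74ecd0e10ced2237f32d273784ef8eaf553b9c30.patch`, with the stored patch file renamed to match the new basename. The version bump also changes which tarball the unchanged `Source0` line resolves to, and that URL is plain `http://` with no signature source visible in this hunk. If integrity is not checked elsewhere in the packaging, an `https://` URL plus verification of an upstream detached signature (if one is published) would be worth adding.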
|
||||
|
|