dist-git conversion

#2781)

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: libssh2
-# $Id$
-NAME := libssh2
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

libssh2-0.18-padding.patch

@@ -0,0 +1,118 @@
+From: Peter Stuge <peter@stuge.se>
+Date: Sun, 6 Dec 2009 06:20:58 +0000 (+0100)
+Subject: Fix padding in ssh-dss signature blob encoding
+X-Git-Url: http://git.libssh2.org//gitweb.cgi?p=libssh2.git;a=commitdiff_plain;h=1aba38cd7d2658146675ce1737e5090f879f3068
+
+Fix padding in ssh-dss signature blob encoding
+
+DSA signatures consist of two 160-bit integers called r and s. In ssh-dss
+signature blobs r and s are stored directly after each other in binary
+representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.)
+
+The crypto wrappers in libssh2 would either pack r and s incorrectly, or
+fail, when at least one integer was small enough to be stored in 19 bytes
+or less.
+
+The patch ensures that r and s are always stored as two 160 bit numbers.
+---
+
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index ba00284..b06be42 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -424,6 +424,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
+         return -1;
+     }
+ 
++    memset(sig, 0, 40);
++
+ /* Extract R. */
+ 
+     data = gcry_sexp_find_token(sig_sexp, "r", 0);
+@@ -433,22 +435,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
+     }
+ 
+     tmp = gcry_sexp_nth_data(data, 1, &size);
+-    if (!tmp) {
+-        ret = -1;
+-        goto out;
+-    }
+-
+-    if (tmp[0] == '\0') {
+-        tmp++;
+-        size--;
+-    }
+-
+-    if (size != 20) {
++    if (!tmp || size < 1 || size > 20) {
+         ret = -1;
+         goto out;
+     }
+ 
+-    memcpy(sig, tmp, 20);
++    memcpy(sig + (20 - size), tmp, size);
+ 
+     gcry_sexp_release(data);
+ 
+@@ -461,22 +453,12 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
+     }
+ 
+     tmp = gcry_sexp_nth_data(data, 1, &size);
+-    if (!tmp) {
+-        ret = -1;
+-        goto out;
+-    }
+-
+-    if (tmp[0] == '\0') {
+-        tmp++;
+-        size--;
+-    }
+-
+-    if (size != 20) {
++    if (!tmp || size < 1 || size > 20) {
+         ret = -1;
+         goto out;
+     }
+ 
+-    memcpy(sig + 20, tmp, 20);
++    memcpy(sig + 20 + (20 - size), tmp, size);
+ 
+     ret = 0;
+   out:
+diff --git a/src/openssl.c b/src/openssl.c
+index 250ea63..000c9ec 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -420,7 +420,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
+                        unsigned long hash_len, unsigned char *signature)
+ {
+     DSA_SIG *sig;
+-    int r_len, s_len, rs_pad;
++    int r_len, s_len;
+     (void) hash_len;
+ 
+     sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
+@@ -429,15 +429,20 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
+     }
+ 
+     r_len = BN_num_bytes(sig->r);
++    if (r_len < 1 || r_len > 20) {
++        DSA_SIG_free(sig);
++        return -1;
++    }
+     s_len = BN_num_bytes(sig->s);
+-    rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
+-    if (rs_pad < 0) {
++    if (s_len < 1 || s_len > 20) {
+         DSA_SIG_free(sig);
+         return -1;
+     }
+ 
+-    BN_bn2bin(sig->r, signature + rs_pad);
+-    BN_bn2bin(sig->s, signature + rs_pad + r_len);
++    memset(signature, 0, 40);
++
++    BN_bn2bin(sig->r, signature + (20 - r_len));
++    BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
+ 
+     DSA_SIG_free(sig);

libssh2.spec

@@ -1,16 +1,20 @@
 Name:           libssh2
 Version:        0.18
-Release:        7%{?dist}
+Release:        10%{?dist}
 Summary:        A library implementing the SSH2 protocol
 
 Group:          System Environment/Libraries
 License:        BSD
 URL:            http://www.libssh2.org/
 Source0:        http://downloads.sourceforge.net/libssh2/%{name}-%{version}.tar.gz
+
+Patch0:		libssh2-0.18-padding.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  openssl-devel
 BuildRequires:  zlib-devel   
+BuildRequires:  pkgconfig
 
 %description
 libssh2 is a library implementing the SSH2 protocol as defined by
@@ -41,6 +45,8 @@ developing applications that use %{name}.
 %prep
 %setup -q
 
+%patch0 -p1 -b .padding
+
 # make sure things are UTF-8...
 for i in ChangeLog NEWS ; do
     iconv --from=ISO-8859-1 --to=UTF-8 $i > new
@@ -57,12 +63,12 @@ make %{?_smp_mflags}
 rm -rf %{buildroot}
 
 make install DESTDIR=%{buildroot} INSTALL="install -p"
-find %{buildroot} -name '*.la' -exec rm -f {} + 
+find %{buildroot} -name '*.la' -exec rm -f {} \; 
 
 # clean things up a bit for packaging
 ( cd example && make clean )
 rm -rf example/simple/.deps 
-find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} +
+find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} \;
 
 %check
 (cd tests && make check)
@@ -93,6 +99,15 @@ rm -rf %{buildroot}
 %{_libdir}/*.so
 
 %changelog
+* Tue Dec 22 2009 David Juran <djuran@redhat.com> - 0.18-10
+- fix incorrect padding (Bz 539444)
+
+* Tue Jul 15 2008 David Juran <djuran@redhat.com> - 0.18-9
+- Tagging sillyness
+
+* Tue Jul  1 2008  <djuran@redhat.com> - 0.18-8
+- Adapted for EPEL
+
 * Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.18-7
 - Autorebuild for GCC 4.3